India should lead the world in setting rules for data protection: Anupam Chander3 min read . Updated: 26 May 2014, 11:01 PM IST
Chander speaks about how data localization could break the global Internet
Mumbai: Anupam Chander is director of the California International Law Center and Martin Luther King Junior Hall Research Scholar. A graduate of Harvard College and Yale Law School, he serves as a judge and commentator at the Harvard-Stanford Junior International Law Faculty Forum and is an author of books including Securing Privacy in the Internet Age, and The Electronic Silk Road: How the Web Binds the World in Commerce.
In a recent Google Hangout interview, Chander spoke about how data localization could break the global Internet, and argued that even though there are legitimate global anxieties over surveillance and security, governments are justifying measures without enhancing either privacy or security. Edited excerpts:
You say that driven by concerns over privacy, security, surveillance and law enforcement, governments are erecting borders in cyberspace, breaking apart the World Wide Web. However, governments have legitimate concerns over protecting a nation’s security. Is there a way to strike a balance between the two?
Governments across the world are rightly upset with the US for mass surveillance across the world. But governments might begin their critique by first reviewing their own laws. Do Indian laws provide any protections for the information of non-Indian citizens gathered outside India? International rights to privacy apply to all people, regardless of citizenship. India should lead the world in setting out rules for the protection of data of all people, regardless of citizenship.
The outsourcing industry has brought opportunity to many Indians, offering them the chance to provide services to the world without migrating abroad. The industry depends on the free flow of data across the world—from tax returns to legal documents. If countries shut down this free flow, it will harm economic growth across the world.
In a recent study, you highlighted how countries around the world are taking measures to force data localization that can threaten commerce, and even major new advances in information technology—not only cloud computing, but also the promise of Big Data and the Internet of Things.
A couple of weeks ago, there was a fire in a Samsung office in Korea. The fire in Korea caused Samsung smart TVs in the US to go offline for a few hours. This is the Internet of Things, where goods are embedded with information services that depend on the flow of data across the world. We can hardly expect Samsung to roll out different smart TVs for each country, with a local data ecosystem to process user data and recommend what TV to watch. Data localization (requiring Internet-run businesses, including online service providers and those using cloud services, to store data within the country where they are located and not on servers in other countries) will make it hard to access global cloud services or even global goods. By the way, Brazil has reconsidered its earlier move towards data localization, passing a measure creating a kind of Internet users’ Bill of Rights.
A European Union court recently ruled that Google Inc. would have to remove the links to personal information that are “no longer relevant" or “excessive". What are the implications for the Internet as Google and other search engines try to balance the need to protect the privacy of individuals while guarding the open structure of the Internet?
When we want to learn information, we want to know both the good and bad about the subject. But imagine if a person could simply scrub all the bad information about him from being searchable on the Internet. The person could do so by claiming that such information was “no longer relevant". Do we want search engines to then judge whether information remains “relevant" or is somehow “inadequate" under threat of liability for leaving information accessible? An Internet sanitized of accessible negative information will only tell half the truth.
What would you advocate—a multilateral or a multi-stakeholder approach on the Web, especially now that the US has decided to cede its control over the Internet Corporation for Assigned Names and Numbers, or ICANN?
Governments left alone to regulate the Internet are likely to seek greater control and the ability to gather and share data freely among themselves. That is why it is imperative that organizations and individuals that care about free expression are involved in Internet governance.
Virtual currencies such as Bitcoin are gaining momentum on the Web, despite some hiccups. They are also threatening traditional banking models.
Banking regulators should move towards recognizing and even promoting Bitcoin. A well-regulated exchange for the currency could create a cheap medium for storing and transferring value. Early and smart interventions could make Indian companies the leaders in business based on Bitcoin.