If data is likened to oil, it’s with good reason. With the European Union General Data Protection Regulation (GDPR) coming into force, the clamour for having our own data protection law has been growing louder. India is fast emerging as a preferred hub for innovation and the National Association of Software and Services Companies (Nasscom)—Data Security Council of India (DSCI) have been emphatic about balancing the twin pulls of innovation and privacy. Cross-border data flows in the past have contributed approximately $3 trillion to the global economy, and we must not jeopardize it.

Recent efforts towards creating a robust data protection framework in India focus on one aspect across various parts of the government machinery—data localization. Four key pronouncements in quick succession have hailed data localization as the solution to protect Indian consumers and safeguard India’s national and economic interests. These include recommendations by the Reserve Bank of India (RBI), the committee of experts led by justice B.N. Srikrishna, the draft e-commerce policy and the draft report of the cloud policy panel (the last two leaked to the media). With the chorus for localization gaining momentum, it is worth revisiting the premise on which such recommendations have been made.

The good news is that India is now in a select band of countries moving towards a comprehensive data protection regime. The bad news, however, is that several of the above recommendations, including the draft e-commerce policy, falter on a key ground—they gloss over the negative economic impact of data localization. This approach exhibits lack of evidence-based policy making.

Will localization help domestic industry? Having data in India does not mean that domestic companies will be able to access this data. Localization might aid the growth of the data centre and the cloud computing industry in India, but as matter of wider public policy, such an approach is extremely myopic. Competitiveness, not protectionism, will yield positive outcomes in the long term.

The competitive gains of localization, if any, will be ephemeral and will drive up the infrastructure costs for Indian technology start-ups and SMEs. Mandating localization is less of a solution for data protection and might be less relevant to promote e-commerce.

The $167 billion Indian IT industry is export-driven and deals with data of citizens and companies in the US, the EU and other parts of the world. Given the comparative trade advantages enjoyed by one section of Indian industry in this context, mandating a strict data localization regime could be perceived as a restrictive trade barrier and spur retaliatory measures. The last thing India wants is to fuel a trend where the world starts moving towards data silos. A McKinsey study has estimated that cross-border data flows have resulted in the world gross domestic product getting a boost by as much as 10%.

Are we prepared to give all this up? To protect what?

Ashish Aggarwal is senior director and head of public policy at Nasscom

Close