Chinmaya IAS Academy – Current Affairs Chinmaya IAS Academy – Current Affairs
Related Articles
The debate on data localisation must not be reduced to a good-bad binary
For long, Internet activists considered the Internet as being beyond law, politics and governments. J.P. Barlow made the famous Declaration of Independence of Cyberspace in 1996. It was fine when this phenomenon was just shaping up and challenging established institutions. But with the Internet and data becoming central to new social and economic institutions, can they still be kept sheltered from the rule of law? It is the law that provides people, especially the weaker sections, various protections and ensures justice. In a digital society, as data mirror and help organise all aspects of social, economic and political life, data need to be subject to the rule of law.
For the law to apply to something, it should normally be able to access and act upon it. Agencies, for instance, may require access to data to ensure that someone who criminally harmed another can be punished. Data are important requirements for various regulations. Actors over which the Indian law has no reach should not be able to use our data to harm us through surveillance or informational warfare (including election manipulations). Our data should be protected from such foreign entities.
As privacy is a right, it is primarily the state’s responsibility to protect our personal data. But it can mostly do so only if the data are within its reach. There are also great dangers regarding privacy from state agencies themselves. Such privacy can only be ensured by invoking and strengthening the protective and corrective powers of the state, including the judiciary and new data protection-related institution(s). It will be useful for the new data protection authority proposed by the Srikrishna Committee to actually be a constitutional authority.
Democracy is local
However, to seek unchecked global flows of all kinds of data in emerging ‘datafied’ societies is irrational. It would mean withdrawal of the state from key social and economic roles that it traditionally performs. By default, digital societies and economies get ruled globally by the most powerful corporations and governments, which work in a mutually reinforcing manner. Data localisation attempts to bring back the rule of law to our digital and ‘datafied’ existence.
All major countries are working on some kind of data localisation proposals. Germany, Indonesia, South Korea, Russia and China already have various kinds of data localisation regimes. The EU and the U.S. also localise or put very strict conditions on cross-border flow of some kinds of data.
Global digital corporations live off global data. It testifies to their discursive might that when it comes to discussions in developing countries like India, the term ‘data localisation’ gets invariably presented as imbued with inherent moral, political and economic evil — a profanity that only state surveillance-minded and economic protectionist people can utter. At the numerous non-governmental meetings currently being held in Delhi and other places on data-related legal issues, any mention of data localisation, other than in the most critical terms, immediately attracts strong morally disapproving glances.
To moral reprobation is added the cost-of-compliance argument. While this should be minimised, there is always some cost to maintaining the rule of law. There are some accumulated jump-start costs while shifting from a largely lawless regime to the rule of law in the digital space. These must be borne if we are to build the foundations of a rule of law-based, fair and just digital society. This task will only keep getting more difficult, and more expensive.
Data are of many kinds — there is news and information; personal, community and corporate data; data concerning common business activities, military, banking, health, education and agriculture; and so on. Some of these data are very sensitive, some are needed for effective regulation, some for governance and policymaking, and some for economic development, infrastructure and sharing. It is therefore a matter of what kind of data requires what kind of regulatory regime – localisation, global free flow, or various shades of grey in-between, rather than a sterile binary of whether data localisation is good or bad, which is what the debate has been reduced to unfortunately.
