India does not have a dedicated data protection law. The Ministry of Electronics and Information Technology (MeitY) had appointed an expert panel headed by former SC judge BN Srikrishna to draft a data protection law last August. The 10-member panel is expected to present its draft this month. But some reports are already hinting at possible entries in the draft.
According to a report in The Economic Times, the committee is likely to ask multi-national companies and global internet giants such as Google and Facebook, among others, to store data of Indian citizens within the country. Majority of the members from the panel want to ensure that sensitive personal data of Indian citizens is stored within the country as that will be in our best interests. But it's not a unanimous mandate according to the report, as some members want to ensure there is a free-flow of information to retain the competitive advantage.
Members who have spoken to ET have said that there is a high likelihood of the data to be stored in India. The committee is expected to meet on Monday to discuss the issues and the draft is to be presented by the end of June.
"While sensitive personal data is already defined under many Acts, the committee will do the remaining job," said a member of the panel to ET.
With the misuse of public data with incidents such as the Facebook Cambridge Analytica data scandal, it seems like a lot of the panel members are keen to ensure sensitive data of Indian citizens is stored locally. Needless to say, this will cause a lot of chaos to multinational internet companies, as they will have to ensure that they build data centres locally to store data. Data centre and server costs will have to be taken into consideration for this.
The committee had released a white paper on data protection back in November last year, the responses to which would help with the formulation of future data protection laws. Asheeta Regidi, a cyber law expert, has discussed data localisation in detail in part 3 of our 12-part Understanding The Data Protection White Paper series.
Some members of the panel are opposed to this mandate of having data stored locally, as they feel it will affect India's software industry and also have an adverse impact on the innovation and economic growth.
Eben Moglen and Mishi Choudhary of SFLC.in in their comment piece for tech2 argued why enforcing data localisation is not the right way to go for democracies such as India and the US. According to them, "Broad requirements to keep local users' data in-country substantially impede the adoption of 'cloud computing' technologies by local businesses as well as international enterprises, however. Data storage and computing power are becoming utilities available on the net without regard to location. The resulting flexibility and price competition are transforming the global market in information technology. Localisation requirements will radically distort that market, a form of protectionism that will raise prices and reduce productivity throughout national economies."
According to Moglen and Choudhary, data localisation can impose severe costs that override the benefits. "In societies not governed by the rule of law, localisation amplifies the power of the organs of oppression, just as the form of "personal localisation" represented by the Berlin Wall and the Iron Curtain amplified the power of Stasi and the KGB. But for democracies, like India or the US, data localisation is altogether the wrong approach to law enforcement in digital society."
We shall find out more details on Monday with regards to this particular aspect of the data protection law.