This is first in our series covering our events in Delhi and Bengaluru on India's Data Protection Law. Click here to read the rest. "What mirroring does is increase the number of attack surfaces for any system," Vinayak Hegde, CTO of Zoomcar said at the #NAMAprivacy discussion on the data protection bill in Bangalore last week. "An attack surface", he explained, "is the amount of places where you can attack a system so that it can be breached. Earlier you could attack a server in the US and get that data. Now with localisation and mirroring forced on you, you have another system that is much more poorly secured depending on what operator you have. That also has national security considerations which nobody is talking about." Data localisation is possibly one of the most contentious parts of the Srikrishna committee's data protection bill. Software lobbies and companies have come out in protest against this requirement, since it would significantly drive up costs. It is, however, a requirement that the government seems intent on implementing — even the national e-commerce policy and the unreleased national cloud policy of the government endorse the idea. Why does the government want localisation — that is, requiring at least one copy of all Indians' personal data to be stored in India? Will doing so achieve the aims the government likely has in mind, i.e. law enforcement access to data, control for users, and job creation? The following key points were made on Data Localisation at…
