The Telangana government’s IT ministry will object to the Personal Data Protection Bill’s requirement that one copy of all users’ personal data be stored in India, the Economic Times reports. KT Rama Rao, the Cabinet Minister for IT, confirmed this to the publication, and said that the ministry would send a letter to Ravi Shankar Prasad, the Union IT minister.
MediaNama has reached out to Telangana’s IT ministry for comment and will update this when we hear from them. At this stage, the specifics of the Telangana government’s objection are not accessible, and the contents of its letter to the Centre also unknown.
An IT ministry spokesperson told ET that “Views of state governments and public response are being sought. Data protection law would also be placed for Cabinet’s approval before finalising the legislation.”
American and Indian tech companies have been critical of this requirement in the bill, saying that it would drive up their costs in India and force them to set up large data centres to accommodate the trove of personal data of Indians that they currently hold abroad.
Will data localisation work?
The Srikrishna committee has positioned localisation as a way to boost investment, ensure quick law enforcement access to data, and also a way to protect user privacy.
At MediaNama’s recent event on the DPA, Venkatesh Krishnamoorthy from BSA said that law enforcement access to data was a legitimate concern, since governments currently had to go through the cumbersome and inefficient MLAT process (which is itself broken) to get data, and sometimes they get data after two or three years.
“Even if data is stored in Pune or Bombay, you can’t just step into the data centre and ask for information. You need a legitimate request and go through the process,” he said.
Krishnamoorthy added that compliance would be an issue. Having one ‘serving’ copy of personal data within the country is an area of concern. He said that costs would go up for consumers and businesses as a result of localisation. Cloud services are able to provide cheap services with credits to users in India because they’re able to harness the power of global digital data flows, he asserted. “It’s the customers’ choice to choose where to store their data.”
Meanwhile, BJP’s Vinit Goenka said, “Cambridge Analytica happened because the data was there [in a different country]. Had it been here, I would have put some boys behind the bars. They would take a day to give the data. Today they are trying to push their patents.” Goenka also believes that localisation of data would lead to a growth in India’s GDP, through ICT investments.
Goenka added, “If they [foreign companies] believe that data is borderless and data can be kept anywhere, I invite all the countries of the world to keep their data here. And as we trusted them all these years, they can trust us. Let us debate what are the processes, what are the standards to be followed, and we can put in all the standards…the best of the things.”
There were also questions raised on whether localisation requirements will improve user privacy.
CCICI’s Vibhakar Bhushan said that the internet is globalised and breaches could happen from anywhere. Mirroring only increased that possibility, he argued. Another CCICI official argued that is that datasets and architecture of large applications employed by companies are not simple, and are complexly intermeshed. Application architectures and how data is extremely complex and localisation may require full re-architecture of the data, Vikas Mathur, the CCICI official, argued.