In another bid to assert sovereignty over Indian citizens’ data, India has proposed the concept of “data-oriented jurisdiction” in its August submissions to the second session of the United Nations Ad Hoc Committee convened to formulate an international treaty to tackle cybercrime. Included in India’s submissions on “Criminalization, General Provisions and Procedural Measures and Law Enforcement”, India describes data-oriented jurisdiction as: “The country whose citizen’s data is being stored/processed/screened/federated anywhere in the world should be having the broader jurisdiction of the data immaterial of where the data is physically stored/ processed/ screened/ federated. This Data Oriented Jurisdiction will ensure the primality of data ownership and the issue of privacy (an acknowledged fundamental right of a global citizen) and human rights.” India’s submissions argue that cyberspace and cloud-based resources have disrupted the classical Westphalian model of jurisdiction—in which a nation-state’s laws are applicable to events taking place within its defined geographical and political territory. This has led to a “jurisdictional nightmare” for countries looking to regulate domestically-relevant cybercrimes. Why it matters: While data-based jurisdiction is India’s solution to addressing legitimate jurisdictional scuffles at a global scale, it also widens government access to citizen data, raising surveillance and privacy concerns. The Indian government is also reportedly softening its stance on data localisation provisions—cross-border data flows will be permitted provided law enforcement agencies can access Indian citizens’ data abroad. The risks of privacy infringements in both cases are accentuated in the absence of an Indian data protection and privacy law. How does cyberspace…
