Should data be allowed to flow freely or localised at source? As IT Ministry prepares to present data protection Bill in Parliament and countries argue at global forums, a look at both sides of the debate.

The IT Ministry’s Bill on data protection is scheduled to be introduced in Parliament during the current session. Worldwide, the data flow debate is playing out at the World Trade Organisation (WTO) and G20.

Why is data valuable?
Data is any collection of information that is stored in a way so computers can easily read it. These days, most people refer to data to mean information about their messages, social media posts, online transactions, and browser searches. Big data refers to the immense amount of data that can now be collected, stored, and analysed to find patterns.

This large collection of information about people’s online habits has become an important source of profits. Your online activity can expose a lot about who you are, and companies find it valuable to use the information to target advertisements to you. Governments and political parties have also gained interest in these data sets for elections and policymaking.

What exactly about data laws are countries debating?
Data is stored in a physical space, like a file cabinet that can be the size of the Taj Mahal. Data is also transported across country borders physically, traveling through underwater cables that run as deep as Mount Everest and as long as four times the span of the Indian Ocean. Thirdly, just as oil is refined, data has to be processed to be useful. This means it is analysed by computers.

These aspects of data flows — where it is stored, where it is sent, where it is turned into something useful — determines who has access to the data, who profits off the data, who taxes the data, and who “owns” the data.

With these questions in mind, individual governments are developing their own domestic rules and negotiating with each other on a global stage, raising values of national security, economic growth, and privacy.

Where does India’s domestic policy on data stand?
India’s recent drafts and statements have strong signals for data localisation, which means that data of Indians (even if collected by an American company) must be stored and processed in India.

Along with a Reserve Bank of India directive to payment companies to localise financial data, the Ministry of Commerce’s draft e-commerce policy from February is currently in public consultation. The IT Ministry has drafted a data protection law that will be introduced in Parliament and has also framed draft intermediary rules that were leaked in December.

These laws, broadly speaking, could require Facebook, Google, and Amazon to store and process in India information such as an Indian’s messages, searches, and purchases. In some cases, they restrict what type of data these companies can collect. In others, it requires only a copy of the data to be in the country.

The other argument from the Indian government is that localisation will help law enforcement access the data. Currently, India has to use “mutual legal assistance treaties” (MLAT) with the US to get the data of Indians that are controlled by American companies. By requiring a copy of the data to be stored in India (data mirroring), the government hopes to have more direct control over these companies, including the option to levy more taxes on them.

The government also argues for data localisation on the ground of national security, to prevent foreign surveillance and attacks.

What are counter-arguments against data localisation?
On the other side, the US government and companies want cross-border flow of data. It would allow companies to store the data of Indians in the most efficient place in the world. Even though India’s data economy is not as large as that of others, it is one of the fastest growing, making it a market that global companies cannot afford to ignore.

Others caution that these laws could bring increased state surveillance, like India’s draft intermediary rules that would require WhatsApp to change its design to proactively filter messages. The company says messages are currently encrypted, meaning neither the company nor any government can see them.

What is happening at the global forums?
Trade tensions worldwide are escalating, giving the data flow debate new relevance at the WTO and G20.

WTO member countries are negotiating rules about e-commerce, which is the buying and selling of goods and services online. Digital trade contributes more to global GDP than physical trade. India is one of the fastest growing markets, with e-commerce expecting to reach $1.2 trillion by 2021.

From the G20 meeting in Tsukuba on June 8 and 9, the Ministerial Statement on Trade and Digital Economy championed cross-border flow of data. A principle titled “Data Free Flow with Trust” (DFFT) — supported by US, Japan, and Australia — is expected to be a significant talking point at the upcoming G20 summit.