India’s push for data localization is shaking up the tech industry. The government urges companies to set up data storage in the country. This will ensure a “resilient internet” capable of withstanding global disruptions. The rise of artificial intelligence (AI) makes this infrastructure even more crucial. S. Krishnan, Secretary at MeitY, highlighted the need for data storage during a recent event in Delhi.
“We are not saying there won’t be free flow of data,” Krishnan clarified. “We have nothing against the free flow of data.” However, he stressed the need for increased data storage capacity to handle the growing demand, particularly driven by AI advancements.
The draft Digital Personal Data Protection (DPDP) rules, which concluded their consultation phase on March 5, include a provision requiring “significant data fiduciaries” to comply with localization mandates for certain personal data. These mandates, which will be guided by a data protection committee and approved by the central government, have sparked concerns from Big Tech companies such as Meta and Google’s Indian arms. These companies argue that the proposed committee overseeing cross-border data transfers could lead to unnecessary bureaucracy and regulatory overreach.
Big Tech’s Concerns on Data Localization
Big Tech companies are calling for a more flexible approach to data localization. One anonymous executive expressed that the committee-based approach goes beyond the provisions in the DPDP Act, introducing complications that could burden operations. “Demand for blanket localization of data involves complications in operation, as well as the cost involved,” they explained.
Experts agree that while localization of certain sensitive data is crucial, a blanket mandate could become an unnecessary burden. Rohit Kumar, founding partner at policy think-tank The Quantum Hub, pointed out that a sector-specific approach would be more effective. “Mandating localization of strategic sensitive data is prudent,” Kumar suggested, referencing the Reserve Bank of India’s successful localization of sensitive financial data as a model. He believes this approach would best balance user privacy and business efficiency.
India’s Path Forward: What’s Next for the DPDP Rules?
A government official shared that the upcoming data protection committee will play a crucial role in determining data transfer restrictions. The committee will consult with industry stakeholders before making its final recommendations. They expect to notify the final rules within two to three months, and will likely give businesses two years to comply.
In conclusion, India’s push for data localization is crucial for securing digital infrastructure. The government must balance user privacy, national interests, and business growth. The expected changes to the DPDP rules may provide the flexibility businesses seek. Furthermore, this could pave the way for smoother implementation of the regulations.
source: Mint
