When you swipe your Visa card or use Amazon’s services, ever wondered how your financial and personal information is carried, processed or stored? Well, most of the data tend to be either partly or completely stored outside India. Quite apart from worries about who has access to your data overseas, the Indian government and regulators too have limited access to this data. This is what the RBI wants to change through its data localisation rules.

What is it?

Earlier this month, companies from around the world scrambled to comply with the RBI’s deadline for localisation of all sensitive data belonging to Indian users of various digital payment services. Data localisation is the act of storing data on any device physically present within the borders of a country. As of now, most of these data are stored, in a cloud, outside India.

RBI’s diktat has followed the draft data protection law recommended by Srikrishna committee in July/August. One of the recommendations was that the government must enjoy unfettered access to its citizens’ or residents’ data for use in domestic policy-making (through Big Data analytics and Artificial Intelligence).

Localisation mandates that companies collecting critical data about consumers must store and process them within the borders of the country. The RBI had issued a circular mandating that payments-related data collected by payments providers must be stored only in India, setting an October 15 deadline for compliance. This covered not only card payment services by Visa and MasterCard but also of companies such as Paytm, WhatsApp and Google which offer electronic or digital payment services. Many companies are yet to comply with this rule and the RBI has not specified any fines or penalties for the delay.

Why is it important?

The main intent behind data localisation is to protect the personal and financial information of the country’s citizens and residents from foreign surveillance and give local governments and regulators the jurisdiction to call for the data when required. This aspect has gained importance after a spate of lynchings across States was linked to WhatsApp rumour. Revelations of social media giant Facebook sharing user data with Cambridge Analytica, which is alleged to have influenced voting outcomes, have led to a global clamour by governments for data localisation.

The other argument is that data localisation is essential to national security. Storing of data locally is expected to help law-enforcement agencies to access information that is needed for the detection of a crime or to gather evidence. Where data is not localised, the agencies need to rely on mutual legal assistance treaties (MLATs) to obtain access, delaying investigations. On-shoring global data could also create domestic jobs and skills in data storage and analytics too, as the Srikrishna report had pointed out.

However, on the flip side, maintaining multiple local data centres may entail significant investments in infrastructure and higher costs for global companies, which is why they seem to be up in arms against these rules.

Why should I care?

As all of us are trusting global service providers with more and more information, both on a voluntary and involuntary basis, we may like to have greater accountability from these firms about the end-use of this data. Data localisation may not entirely avoid Facebook-Cambridge Analytica-like episodes but it may at least ensure that domestic law enforcement can respond more effectively to our complaints.

The bottomline

India has a stronger bargaining chip than most nations in pushing for data localisation — access to its billion-strong consumer market.

A weekly column that puts the fun into learning.