The recent report from the office of the United States Trade Representative (USTR) criticising the data localisation rules being implemented in India, need not unduly concern policymakers. The report alleges that India has proposed and implemented several data localisation rules that could act as an impediment to digital trade and increase the cost of operations of multinational service providers, resulting in some of the smaller firms moving away from India. But the USTR is obviously batting for US companies and fails to recognise the challenges faced by policymakers in monitoring data that is stored in servers outside the country. Besides making surveillance of these financial transactions easier, there are several other benefits in insisting on data localisation. Protection of privacy of personal data of customers can be ensured more effectively if it is housed in servers in the country. While the construction of local data centres by the MNC payment service companies may appear ‘unnecessary and redundant’ to USTR, it helps create employment locally and also increases the physical presence of these companies in India, thus making them more accountable to the Indian authorities. Also, with data emerging as the new oil, it will be best to keep it on Indian shores. As the second largest internet market with 658 million online users, the data generated in India is humongous.

RBI’s firm implementation of the order issued in 2018 — that all payment service players should store all information relating to payments by Indian citizens on servers located in India — affirms the advantages of data localisation. Large card companies such as American Express Banking Corp, Diner’s Club and Mastercard were found non-compliant with RBI’s rules and were stopped from onboarding new customers on their network in 2021. But this move did not cause any disruptions in the industry and has, instead, benefited other domestic players in the segment. Sensitive data relating to credit and debit card payments are now being stored in servers within the country and the RBI has better access to the data for surveillance purposes. Indian policy makers should, similarly, hold their ground in other issues flagged by the USTR.

The US trade representative office has, for instance, flagged concerns about provisions in the Personal Data Protection Bill, the Non-personal Data Governance Framework and the e-commerce policy that are on the anvil. These regulations insist on storing data generated by Indians on local servers. The trade representative office has stated that it is concerned over the provision that cross border transfer of sensitive personal information can be done only with explicit consent of the owner of the data and that critical personal information cannot be transferred outside India under the Personal Data Protection Bill. It is apprehensive that the e-commerce policy could lead to forced sharing of business sensitive information, trade secrets, intellectual property and proprietary source codes. While it is the USTR’s mandate to raise its voice against laws that are not conducive for US companies, the above-mentioned rules are needed to ensure the right to privacy of Indian citizens and to safeguard the interests of Indian businesses. The latter clearly takes precedence.

comment COMMENT NOW