The aggressive push towards a digital economy requires a robust governance framework which is steering Indian lawmakers to introduce and revise existing policies, enabling better monitoring and control over perceived risks. With over a quarter of the population using connected devices consuming and generating massive amounts of data, it is paramount to regulate the ownership of data to prevent unauthorized access and loss in the event of a security breach. Recent developments including RBI’s move to make payment system operators to store data in local datacenters and Justice BN Srikrishna-led committee on data protection to that may restrict the mandate to sensitive personal information.
The last few months were witness to large scale data breach from global MNCs including Facebook;s ordeal with Cambridge Analytica, US telecoms (AT&T, Verizon) sharing data to partners. Prior and such incidents have led to increased focus on data ownership necessitating the need for better compliance to protect privacy concerns of citizens. With regulations mandating local data storage, it is expected that law enforcement agencies and government would have immediate and unfettered access to track criminal activities aiding national security and user privacy. The counter effect of these compliance initiatives will result in the increased cost for business to invest in adding datacenters and servers within India to comply with these regulations.
Justice BN Srikrishna Committee report on Data Localization
This privacy bill seeks for reforms to the way personal data is collected, processed and stored in India. In line with GDPR, the proposition is centred around obtaining prior consent for collecting and storage of personal data. The bill also proposes punishment for offenses related to interception of communication, surveillance, abetment, repeat offenders and offenses by companies.
Titled Indian Privacy Code, 2018, the draft proposes that “all data collected, processed and stored by data controllers and data processors prior to the date on which this Act comes into force shall be destroyed within a period of two years from the date on which this Act comes into force”.
While the committee necessitates the need for data localization, it also highlights the negative impacts of localisation mandate as local servers and data centres must be created adding overhead costs for start-ups, reduces access to global services for consumers, and hinders access to latest technological advances. The report moves on to prescribe that data localization may be considered in certain sensitive sectors and may not be advisable to mandate it across the board.
Impact on Datacenters in India
The proposal is expected to have a positive impact on the datacenter market with local and global players investing to expand datacenter infrastructure, in India. While not disruptive, the proposal’s clarification on the need for data localization only for sensitive sectors, will propel government and citizen service agencies, fintech service providers among others to invest in local datacenters. Vendors in the colocation and managed hosting services stand to gain from the immediate demand for the necessary infrastructure possibly arising from the proposal. In addition, the adoption and the growth in startups working on storage intensive technologies like IoT, AI, machine learning and analytics will continue to drive the market for scalable infrastructure and datacenter interconnects.
– Gowtham Kumar
Senior Manager, ICT Research