Ever since the major mishap of Cambridge Analytica-Facebook data scandal, India has been actively in talks to strengthen the data protection act of individuals. Inclining to which, India intends to store its citizen’s data, locally. Well! The move seems ambitious but has quite a few loopholes too.
The shortcomings and also the mighty concerns of making this move is the SECURITY of storing the data locally. Although, India’s data centre and cloud business foresee a major growth in the coming few years but the skeptics still remain on the robustness of the infrastructure that such businesses provide.
Majorly, the companies store data in centralized servers managed by large cloud service providers that have sufficient expertise against cyber-attacks, but not many data centres can match that level of security.
This has also raised concerns among the cybersecurity experts who believe that having all Indians’ data accessible in a single place might mean skating on a thin ice. Especially when it is a fact that over 40% of the data breaches that occur in India is majorly due to malicious or criminal intent rather than technological errors.
The point of having the data stored locally is pointless because where is the basic infrastructure needed to host such huge amounts of data?
In recent news, the Indian government has told e-commerce giants such as Amazon to set up their data centres in the country at the earliest. A meeting was also held by Ravi Shankar Prasad, Minister of Electronics and Information Technology and Law & Justice with Amit Agarwal, Global Senior Vice-President and Country Head of Amazon India recently. Ravi Shankar Prasad believes that this initiative must be taken on a priority basis, as generation of data is integral to e-commerce operations. Therefore, safety, security and element of consent for transborder migration of data are equally important.
The government has voiced about data localization, engaging with companies such as Google, WhatsApp and Facebook on the issue in the past too.
“Big foreign companies are welcome to join their effort in India. What concerns me is unbridled migration of data, without the consent of Indians. Therefore, location of servers in India and the element of consent of Indians for use of their data become equally important,” Prasad added.
Currently, there are no such guidelines in India regarding data safety, although, the government is working on a data protection framework based on the recommendations of Justice B.N. Srikrishna-led panel. The move which starts with foreign e-commerce companies asked to set up servers in India, so that the personal data of customers, generated through e-commerce operations, does not go out of the country. The draft national policy for e-commerce also proposes mandatory localization of customer data, where, once the data protection rules come into effect, all the sectors will fall under their purview.
The Minister had told Agarwal during their meeting that they were welcome to do business in India, but generation of the data through e-commerce operations should not be sent out of India. “We are concerned about the safety, security and the element of consent of Indians…therefore you [Amazon] must have your server here and this initiative must be taken on priority,” Prasad said.
The Indian e-commerce market is currently dominated by Amazon and Flipkart. With Walmart acquiring 77% stake in Flipkart, both the companies are technically owned by US-based firms.