The phrase “data is the new oil” has been overused by the western media to its eventual acceptance and obscurity.
Corporations such as tech giants Google and Facebook that rely on data are looking to enter new, relatively untapped markets in the hope of capitalising on them, particularly those in India, China, and Africa.
While the Government of China has been proactive about protecting its data-driven businesses, realising that data is a valuable commodity has accelerated the creation of laws and regulation in the global economy. In particular, the focus is on the use of personal and payment data upon which the global industry is currently seeing unprecedented growth in terms of businesses and services.
Countries such as India, which host emerging data markets, and where local laws rule supreme over the collection, use, and transfer of data, are catching up with the concept of “Data Sovereignty”. Piyush Goyal, India’s minister for
Commerce and Industry, stated at the G20 Trade Ministers’ meeting that countries must have the sovereign right to use their data – whether it be personal, community, or public – for the welfare of the people, and that free trade should not necessarily lead to justification of data free flow.
Data Sovereignty is not a new idea – it has been applied most notably to the case of indigenous people in which the right of ownership and control lies with the ‘people’ the data belongs to. However, the Indian government’s move to establish data controls can also be viewed from the lens of an upcoming digital economy’s wish to have a slice of the global data market pie.
In this viewpoint, the government may wish to regulate the flow of personal data in order to prevent established foreign commercial markets from overwhelming and dominating the rising digital economy. The Digital India Initiative, spearheaded by the Ministry of Electronics and Information Technology along with the Finance Ministry, envisages an ambitious plan in which Aadhar (for all its controversies) is used as the identity for all financial and payment systems, governmental and governance data is digitalised, and ‘smart cities’ are established. There are also plans to digitalise all health records. There are legitimate national security concerns when it comes
to the storage and access of this data – which itself is another aspect of data sovereignty.
Access to a nation’s infrastructure and demographic data is a cause of concern for regions of conflict, especially India, whose national security agenda is primed regarding terrorism.
In the past, this has resulted in unusually intrusive initiatives such as the mandatory linking of mobile phone numbers with individuals, as well as curbing of social freedoms such as restrictions in photography around water reservoirs and security checks in public areas.
The NDA government, which recently secured its second conclusive term since coming into power in 2014, has been aggressive in its policy towards national security. Prime Minister Narendra Modi has broached the topic of national security extensively in his election campaign, which concluded with him securing a second term with a historic win. It is therefore difficult to not view the issue of data sovereignty outside the purview of national security.
The Indian government is pushing to address this issue. At its focal point lies the ownership of data, especially when linked through the Aadhar system. Data sovereignty combines principles of IT management, information assurance, and data protection to address risks arising from trans-border data transfers, especially when the information is managed by a cloud service provider. Global giants in this space -Amazon, Google, and Microsoft – all originate from, and aregoverned by the laws of, a single country, the United States of America (USA). The USA already has laws providing its national security agencies seemingly infinite power in demanding handover of any data, without public knowledge, in the name of national interest. China has stepped even further in its ambition to utilise data as a tool of governance by creating a social credit system that penalises individuals based on adherence to arbitrary norms and customs established by the ruling government.
On the other hand, India has been adopting progressive data protection laws, putting it on par with the rest of the world. India’s proposed data protection law, termed Personal Data Protection Bill (PDPB), is currently awaiting clearance in the Parliament. The law, if passed, shares similarities with the General Data Protection Regulation (GDPR), the European Union’s data protection law and a topic of global interest because of its compliance requirements and significant fines. A major difference between the two is that PDPB restricts processing, storing and collecting data about (Indian) individuals leaving the country (India) before, or instead of, being transferred internationally.
The Supreme Court of India ruled in 2017 that privacy is a fundamental right. This puts India in the shaky middle ground between authoritative regimes such as China which are exploring enforcement through digitalisation and that of the European Union which enforces accountability even upon governmental agencies through GDPR.
When it comes to the future of governance and economy in India, it is inevitable to wonder which way the ball would tumble. Would India adopt a more capitalist outlook by forcing companies to keep their data within the country and drive the economy towards creating highly localised data markets and services? Or would it enforce authoritative mechanisms to provide the government with a big brother outlook on society through using Aadhar and surveillance in the name of national security?
(This post first appeared here in The Tilak Chronicle.)
The views and opinions expressed in the above article belong to the author(s) and do not necessarily represent the official opinion, policy or position of Lokmaanya.