New Delhi, Sep 25 (IANS) With the government trying to bring a new data protection law to ensure the security and privacy of its citizens in the digital economy, a new report from industry body Internet and Mobile Association of India (IAMAI) has cautioned against imposition of data localisation.
India does not have a specific legislation that regulates data protection, but this is set to change with the enactment of the proposed Personal Data Protection Bill, 2018 (PDP Bill).
All the legislative and policy developments on data governance in the country thus far have advocated data localisation — the storage of personal data on servers located in India, said the report titled “Digital Technology Policy for India’s USD 5 Trillion Economy” released on Tuesday.
However, there are a number of concerns with operationalising data localisation. First, the storage of all the country’s critical data within India runs the risk of creating a “honeypot” of such data, which is vulnerable to cyber-attacks, foreign surveillance and other threats, said the report.
Citing a couple of studies, the report went on to argue that data localisation may have potentially harmful consequences for the Indian economy.
The European Centre for International Political Economy (ECIPE) has found that economy-wide data localisation laws drain between 0.7 per cent and 1.1 per cent of GDP from the economy for no benefit, since “any gains stemming from data localisation are too small to outweigh losses in terms of welfare and output in the general economy”, the report said.
“Given the harmful consequences associated with mandatory data localisation, it is recommended that the government should reconsider the imposition of ‘hard’ data localisation,” said the report.
“Alternatively, an incentive framework should be created to incentivise a voluntary shift to storage on local data servers in India in the long term, without disrupting ease of doing business in the country,” it added.
The study also recommended removal of criminal penalties from the PDP Bill.
Offences under the proposed PDP Bill are punishable with criminal penalties that include imprisonment of up to 5 years.
“Such penalties are excessively harsh and disproportionate, particularly since the civil penalties themselves function as effective deterrents against data breaches and other violations of the PDP Bill. Further, criminal penalties would disincentivise small and medium sized enterprises from participating in the digital economy,” said the report.
Technology and digitisation will play a key role in achieving the target of making India a $5 trillion economy by 2024, said the report, adding that to ensure fast and efficient digitalisation, India’s regulatory approach should focus on regulation of the “core” industry players, and not entities that fall on the “edge” of the regulatory spectrum.
The report presents a set of guiding principles that may be used in the making of the appropriate technology policy that India needs to become a $5 trillion economy by 2024.