Fundamentals on Data localisation:Data Storage and Data Protection

-

Data storage and data protection are the urgent focus areas of governments and private institutions around the world. The current debate generated by India’s stand on data localisation, has its origin in the provisions of local laws on data of countries like China, Russia and now India, in contrast to the laws of the US, Japan and some EU nations. Foreign governments and companies have strongly opposed India’s localisation norms. India’s Economic Survey 2018-19 of 4 July 2019 has a full chapter on data, and proposes that India view data as a public good.

Here are some fundamentals about data localisation.

1. What is data localisation?

Data localisation is the practice of physically storing data on servers located within a country’s  territory.

Data localisation can be of different types such as:

a. storage of data only on local servers; or
b. storage of data on local servers as well as foreign servers.

2. What are the different types of data?

Data is typically referred to as ‘personal data’ that encompasses personal, public and corporate data. It includes:

a. Personal data of two types: (i) natural person or individual like Aadhaar or medical information, which covers sensitive personal data, such as passwords and biometrics; and (ii) an entity, i.e. a company, a college etc.;
b. Public data: government data like the Census.
Where is India-generated data currently stored?

The most popular hosting location in the world is the U.S. which has 42% of the host servers of the world’s top 1 million sites.This is followed by Europe, with 31% of host servers. Most of the data generated in India by global companies is stored on foreign servers. For example, Amazon India stores the data generated in India on foreign servers.This is because India has limited infrastructure and as yet no central legislation that mandates where data should be stored.

There are new business opportunities to be had in the data localisation space, such as enhancing transaction speed.

4. What are the arguments in favour of and against data localisation?

a. Countries support localisation for the following reasons:

(i) Strong regulatory oversight: better control by the country’s government over businesses operating within its jurisdiction
(ii) National security including effective law enforcement: instant and 24×7 access to data
(iii) Risk mitigation: prevents hacking and phishing attacks which are on the rise globally
(iv) Data sovereignty: protection from foreign surveillance

b. Countries oppose localisation for the following reasons:

(i) Excessive compliance – and therefore additional costs – for companies
(ii) Increased capital investment for building data infrastructure by companies
(iii) Discourages innovation – especially of start-ups and the SME sector
(iv) Barrier to trade and investment
(v) Sets a unilateral precedent for other countries to emulate.

5.Is data storage the same as data localisation?

No. Data storage is the act of retaining data on a storage medium. It is the overarching concept of which data localisation is a sub-set.

Data can be stored anywhere:

a. on foreign and Indian servers;
b. only on Indian servers; or
c. only on foreign servers.

The localised storage of data occurs in a. and b.

6. What is cross-border flow of data?

Cross-border flow of data is the movement or transfer of data from a server located in one country to a server in another country

7. Is cross-border flow of data different from data localisation? What is the link between the two?

Data localisation and cross-border flow of data can run concurrently subject to a country’s law.

8. What is data ownership?

The person to whom the data relates and who has legal rights over their data, is the data owner.

A data owner is often referred to as a ‘data principal’ or ‘data subject’ under local legislations. For example, under India’s Personal Data Protection Bill, 2018, a data principal is the person to whom the data relates.

The global discussion on data ownership, a concept which is more fundamental than localisation, is at a nascent stage.

9.Is data usage different from data processing?

Data usage flows from data ownership. Data processing is a technical term for data usage.

10. What is data mirroring?

Data mirroring is the practice of taking a copy of the data to or by another country, subject to local laws. For example, under the current Personal Data Protection Bill of India, data mirroring is allowed for personal data, but excludes sensitive personal data like biometric scans, sexual orientation and passwords.

11. What is data sovereignty?

Data sovereignty means that data is subject to the laws of a country.

12. Is data privacy the same as data protection?

No. There is a fine distinction between data privacy and data protection. Data protection is the mechanism of securing data from unauthorised or unlawful access.

On the other hand, data privacy is a legal concept that governs the control and use of the data.

In India, in August 2017, the Hon’ble Supreme Court of India held the right to privacy to be a fundamental right under the Constitution of India in the landmark case of Justice K.S. Puttaswamy (Retd.) & Anr. v. Union of India and Ors. This was followed by the Sri Krishna Committee Report on data protection, which is the basis of India’s Personal Data Protection Bill, 2018. It adopted the Supreme Court judgment, defining data privacy as the “right to autonomy and self-determination in respect of one’s personal data”.

The concept of data privacy is embedded in the Personal Data Protection Bill, 2018.

13. What is the Osaka Track on worldwide data governance?

The Osaka Track is a plurilateral framework to promote the cross-border flow of data, supplemented with increased protection. It was formally introduced by Japanese Prime Minister Shinzo Abe at the G20 Summit in Osaka in June 2019. The Osaka Track is based on the concept of “Data Free Flow with Trust” which calls for global rules on the free flow of data with adequate protection mechanisms. It seeks to encourage the interoperability of data regulatory frameworks in the interest of fast-paced development of economies.

Amongst the G20 member countries, India, South Africa and Indonesia have abstained from signing on to the Osaka Track.

What is the extant (existing) data protection legislation in India?

At present, India does not have a central law on data protection. The Information Technology Act, 2000 and its allied rules, such as the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, contain limited provisions on data protection. A separate Personal Data Protection Bill, 2018, mooted to be India’s only central legislation on data protection (which includes data privacy), is awaiting Cabinet approval.

Meanwhile, regulators and statutory bodies, such as the Reserve Bank of India (RBI) and the Telecom Regulatory Authority of India, have framed their own law on data. For example, a 6 April 2018 notification,issued by the RBI, mandated data localisation for payments systems operating in India. Foreign companies such as Mastercard have strongly opposed the RBI notification because of the adverse impact it has on the company’s data processing on a global scale and the capital investment to build the requisite data infrastructure in India.

15. What is India’s stand on data localisation?

India believes that data localisation is critical, given the large amount of data generated in India. By 2020, India is projected to generate 2.3 million petabytes (1 petabyte = 1 million GB) of data, which is twice the growth of the global rate.

16. What is the stand of other nations on data localisation?

China supports India on data localisation; it understands the potential of data generated in a large consumer market. China has implemented a stringent law on data localisation which is broad in its scope and application.Countries like Russia, Brazil, Vietnam, Indonesia, Brunei, Iran, Australia, South Korea and Nigeria have also introduced data localisation legislations.

In contrast, the U.S. and Japan are examples of countries which oppose data localisation. They support the free flow of data across borders. Even though the U.S. is against data localisation, in 2018, it enacted a federal legislation, Clarifying Lawful Overseas Use of Data (CLOUD) Act, which allows the U.S. government to lawfully request for data stored overseas by entities that are subject to U.S. jurisdiction, including U.S. companies and their subsidiaries. For example, if a subsidiary of Apple Inc. U.S. has data stored in the EU or India, U.S. law enforcement authorities have the right to access that data.

Comments

Post a Comment

Popular posts from this blog

Sattiriya Dance

-
Sattariya Dance origins from Assam. It is devotional dance centered devoted to Lord krishna and related to Vaishnavism.This dance is nurtured and preserved with great commitments by Sattire i.e. Monastries. This dance is accompanied by a set of musical composition called Borgeets. And  the dance is accredited to 15th century's Bhakti Movement scholar and saint named Mahapurusha Sankardev. The theme of the dance based on Mythological. Now the theme has diversefied a bit from the past. Costumes used for the dance is made of Assamese silk called " Pat Silk". The dance involves in form of Tandava and Lasya. Traditionally this dance is performed by male monks called Bhokots  Initially it was performed by men only but presently performed by both genders as a group form dance.  Recently it is recognised in 2000 by Sangeet Natak Academy. Exponents of the dance form are 1) Bapuram Barbayan Atai, 2) Pradip Chaliha.
Read more

The Chola Period marks a distinct and significant period in the art and architecture of India

-
Art and architecture in India reached its climax during Chola period. Chola style of temple architecture was unique due to the emergence of new style called Dravidian style, which was confined mostly to the South India. Chola rulers were wealthy enough to build message palaces with spacious Garden and terraces the use to Mark their victory over other state by building temples that is why number of temples are built during this period Chola style of architecture  This architecture developed under the chola regime  temples surrounded by boundary walls  High entrance gateway gopuram  This follows panchayatn style for principal shine and four subsidiary shrines  The stepped pyramid that rises up is called vimana  Crowning form in octagon its similar to the kalash in nagara style but not spherical  On the main temple the vimana on subsidiary shrine temple there is no vimana  The assembly hall connected with garbgriha using the tunnel that tunnel is called antarala.  T
Read more

Interior of the Earth

-
Direct Sources: Mining and deep drilling projects have provided large volume of information through the analysis of materials collected at different depths. Also when  the molten material (magma) is thrown onto the surface of the earth, during volcanic eruption it becomes available for laboratory analysis. •Indirect Sources  Analysis of properties of matter indirectly provides information about the interior. Through the  mining activity, it  is  known that  temperature and  pressure increase  with the  increasing distance from the surface towards the interior in deeper depths. •Also, the density of the material  also  increases  with depth. Knowing the total  thickness  of the earth, scientists have estimated  the values of temperature, pressure and the density of materials  at different depths. Another source of information are the meteors that at times reach the earth. •The material and the structure observed in the meteors are similar  to that of the earth. They are solid bodies dev
Read more