The Author, Bhumesh Verma is a s a Corporate Lawyer with over 2 decades of experience in advising domestic and international clients, with a place in “The A-List – India’s Top 100 Lawyers” by India Business Law Journal. He keeps writing frequently on FDI, M&A and other corporate matters.
Data localization is the prospect of physical data storage and preservation within the borders of a specific country where the data is generated.
In an attempt to keep a track of all the data related to the regional transactions of all companies – the Reserve Bank of India (RBI) has made it mandatory for the companies conducting business in India to preserve and maintain all the data related to the transactions contemplated in the country via ‘Data Localization’ directive.
However, it seems that the RBI decision of ‘Data Localization’ did not go well with certain national and international companies – accordingly, these companies have raised objections to ‘Data Localization’ directives and are asking for easing these norms.
These companies are of the opinion that the enforcement of ‘Data Localization’ directive will enhance their infrastructure costs, disrupt the global fraud detection analytic platforms and impinge on planned investments in India.
Requests are received by the RBI from certain international payment companies to ease the data storage directive (mandatory local storage within India of all domestic payment transactions).
The RBI is keen on implementing the ‘Data Localization’ directive without extending the existing deadline (October 15, 2018) or permit the data storage both locally and offshore (Data Mirroring).
A team of United States senators’ has urged the central government to soften the ‘Data Localization’ directive to facilitate free flow of data across borders and have expressed concerns over the data protection law and e-commerce policy.
The team is of the opinion that the ‘Data localization’ as a fundamental issue in the digital trade development and crucial prospect in influencing the India-United States economic partnership.
The team has suggested that all the data access, data protection and data security concerns can be resolved without imposing the restriction on the location of the data storage.
Apart from the ‘Data localization’, the central government is focusing on developing and enforcing certain other policies (Overarching data protection law, e-commerce policy and cloud computing polices).
RBI’s tough stand is based on Indian data experts’ views that the proposed measures are crucial for the long-term strategic and economic interest of the country.
Absence of these data laws and directives make it highly difficult for Indian investigation authorities to get first hand information related to the investigation taking place in India as foreign authorities won’t grant access to Indian authorities to data stored on foreign soil.
Given the string of high profile frauds in the country recently, these data laws and directives will facilitate the Indian authorities to gain instant access to the data stored in India in relation to any investigation conducted by the government or regulatory authority.
Following the Facebook’s Cambridge Analytic scandal all the major world countries including India are imposing stern data protection rules in relation to regulation of data storage and data protection.
As there is an upsurge in the data breach and fraud/scam cases in India the central government efforts to establish stern data laws and directives is the need of the hour.
Strict enforcement of the data laws and directives will assist the nation to fortify the data storage and security contrivance at the national front to combat the risks and challenges associated with the data breach and facilitate the investigative authorities to have a seamless access to the data relating to frauds.