It hasn’t been long since European Union’s General Data Protection Regulation (GDPR) grabbed the attention of the data privacy advocates. Having struck with a similar data protection wave, India is now planning to locally process and store critical personal data.
According to a report by a noted news agency, Kris Gopalakrishnan, co-founder of Infosys, is heading a panel that would soon release a policy recommending to mandate on data localisation in the country. While the report is set to be released later in September, it has already caught the attention of the tech community from across the globe, as it could prove to be a huge blow to tech giants such as Amazon and Microsoft, who have been offering these services for Indian companies for a while now.
Restricting The Cloud Market
Experts from across the globe are of an opinion that citizen data should be stored in local data centres and therefore efforts are being made to restrict the movement of data outside the country’s border. Apart from GDPR in EU, China has also brought up a cloud computing law. The idea is to store information locally so that authorities can have an easy access to data to ensure security or conduct investigation.
As far as the Indian data localisation policy is concerned, reports suggest that a forward-looking data protection regime is needed because India’s IT laws don’t cover cloud computing sufficiently or in detail. Moreover, data sovereignty has been a leading agenda of the government as suggested in the draft of National Digital Communications Policy released earlier this year.
Need For Data Localisation
As India is keen on introducing data protection laws, it comes as a no surprise that the government is looking to promote data localisation and streamline crucial areas like digital payments and e-commerce, among others.
The need for localisation comes at a point when there is a worldwide debate going on around the global security and how companies store user data. While the need of for data localisation has been there for a long time, it got intensified after the RBI advised payment system operators in the country to store customer data locally to prevent possible foreign surveillance. Other instances such as the Cambridge Analytica-Facebook scandal has also called for a need to restrict data flow.
Amidst all the discussion, Paytm has come up with its own Make In India version of the AI cloud for storing data locally. It has launched a cloud computing platform in partnership with Alibaba which is aimed at developers, startups and enterprises. According to a statement released by Paytm, the AI-powered cloud computing platform has been made in India and offers a suite of business-centric apps. The Paytm AI Cloud processes and stores all consumer data locally in servers located in India while conforming to the security and privacy standards.
Impact On Global Players
With this move, global cloud service providers like Google, Amazon and Microsoft will be drastically affected, owing to their significant presence in the country.
The only way forward would be to build additional data centres locally and ensuring that there is no flow of data from domestic to foreign data centres, accidentally or programmatically. Given that several global companies already exist in the marketplace, it might be hard to completely eliminate them. However, a little tweaking might make them suitable to compete with the local market.
While most experts believe that there would be no long-term negative impact on the big cloud players, Mozilla in a blog post had written that a data localisation mandate would undermine user security, harm the growth and competitiveness of Indian industry, and potentially burden relations between India and other countries.
Impact On AI Development
Apart from the impact on local and global cloud providers, the larger impact of restricted cloud market could be seen on other companies, especially those startups that rely on customer datasets to power their artificial intelligence models. Data-driven technologies such as AI and the internet of things might find it hard to comply with data localisation requirements.
That is because, these models are largely trained on global data as of now, and to change bases to Indian datasets might be a challenge. It also raises a question if these changes in regulation would be robust enough to handle global startup innovation.
Echoing his thoughts on the dependence on global players, Ashim Roy of Cardiotrack in an interview with AIM had shared that India should thoroughly start using indigenous AI solutions to break the dependency on technologies from the west. He had suggested that not only it leaves companies and government at the whims of the US trade or foreign policy but also jeopardises the exposure to sensitive data.
Having local control of data has its own advantages and challenges. On one hand, while it would trigger the cost for public cloud storage to go up owing to the need to expand data centre capacity, it also calls for various permits to have in place. While the panel intends to address this by developing a national cloud strategy that could bring cloud service providers under a single regulatory and policy framework, it would take its own sweet time to streamline the process.
Despite the shortfalls, it would nevertheless give Indian companies and government an ease of access to data, if it is parked locally.