In a game of chicken with the US government, the Indian government appears to be on course to changing its stance on insisting that all data be stored on local servers, including those generated from foreign credit card companies. In a more sinister turn, however, the Bill could also leave Indians with very little control of how their data is being used and to whom it is being sold to for monetisation.
The original draft of the Personal Data Protection Bill 2018, prepared by the ministry of electronics and IT (MeitY), had recommended that a copy of all data be stored locally on Indian servers while “critical” data itself be stored only in India.
One of the biggest cheerleaders for this rule was Reliance chairman Mukesh Ambani, a fellow Gujarati and close ally of Indian Prime Minister Narendra Modi. Having started one of the world’s largest telecom companies Jio to take industry behemoths Airtel and Vodafone head-on, Ambani was fond of uttering phrases such as “data is the new oil”. His stance was that India should not be colonised once again by foreign entities by having to surrender key commodities in the new digital era. What he conveniently omitted however, was that by restricting foreign firms like Amazon and Google from accessing Indian data, the one company that would stand to benefit hugely would be Reliance.
At any rate, last April, the Reserve Bank of India set forth on a number of new regulations that required foreign payment companies to store all of their transactional information on local servers. This caused a hue and cry amongst firms such as Visa and Mastercard who had no option but to comply. Predictably, the Trump Administration has been infuriated by what it views to be restrictive trade practices by India, resulting in the US revoking a preferential trade agreement between the two countries worth $5.6 billion in response. This was then followed by a retaliation by India, which levied import duties on a number of US goods.
What changed things around rapidly however, was a high-level US trade delegation to India in the last few weeks that has successfully strong-armed the Indian government into changing its position. Additionally, MeitY has been vigorously lobbied by senior executives from a host of US companies such as Google and Facebook to try and tweak the Bill in their favour.
So, the new diluted Bill in all likelihood will recant on all of the previous positions that the draft version had charted out: Now data that is neither critical nor sensitive can be stored anywhere. Moreover, according to the Economic Times, even MeiTy officials were quick to suggest a compromise wherein critical data could now be held abroad if a bilateral cross-border agreement with a particular nation for data flow is in place. Previously, there were over five instances where storing data outside of India would attract a jail term for violations, but this has now been reduced to one.
At the end of the day, are these changes simply craven? After all, it’s reasonable to predict that being forced to save one copy of all data can end up being a prohibitively expensive affair. It can also increase compliance burdens on firms. Also, not allowing credit card companies to store information on their servers can make fraud detection cumbersome and inefficient.
However, the real debate around the Bill is whether the government has acted with the interests of its citizens at heart, according to Scroll. The current government has claimed that its citizens’ privacy is of paramount importance. Yet this is the same government that argued in front of the Supreme Court of India that its citizens had no fundamental right to privacy, a notion that was unanimously rejected by the bench. Critics have said the nationalist BJP government’s actions have only paid lip service to the notion of privacy, while it actually sees personal data as a national resource, something it can flog to whomsoever it wishes.
As the Scroll article mentioned, the lower house of the Indian Parliament passed the Aadhar Amendment Bill last week, which would permit the commercial use of Aadhaar, India’s biometric unique identification system that was originally developed to be used only to deliver welfare benefits. On that same day, Parliament also amended the Economic Survey’s chapter on data, adding: “Datasets may be sold to analytics agencies that process the data, generate insights, and sell the insights further to the corporate sector, which may in turn use these insights to predict demand, discover untapped markets or innovate new products”.
In other words, the Economic Survey envisions giving government the ability to monetise information — by selling the information to corporations — all the while not having to gain consent as it is mandatory for Indian citizens to provide this information. It would seem that the Orwellian prognostication is alive and well in India with most of its data crazy citizens unaware or blissfully unconcerned about the implications of what all of this means to them.―ZD Net