New Delhi: Data restriction policies would limit exports of digital services from India and could lead to a decline of 0.2 to 0.34 per cent in the country's GDP. For the 2025 target size of the economy, this would imply a gap of $9 billion to $17 billion, according to the UN's trade body.
India has a relatively large digital service industry, with strong links abroad. The Indian states with larger information technology sectors have higher standards of living and attract more foreign direct investment. Likewise, higher digital services exports are associated with more innovation in terms of patents filed and number of start-ups. Hence, India is an illustration of benefits arising from free data flows. However, data restrictions are adverse to development, leading to a sizable loss in digital service exports and GDP, said Unctad in its report on digital economy.
India is increasingly shifting towards a regulatory model primarily focused on maximising the economic and social benefits of data and data-driven sectors for its citizens and the domestic economy, and minimising revenue flows to companies based in digitally advanced economies. The underlying idea behind this approach is shielding India from "data colonialism" or preventing rich countries from deriving benefits from cross-border data flows at the cost of Indian interests.
The Personal Data Protection Bill 2019 and the Draft National E-Commerce Policy clearly outline India’s ambition to build its digital sector by capitalising on the data of its people through data localisation measures.
The Personal Data Protection Bill requires a copy of sensitive personal data to be stored in India, and further prohibits cross-border transfers of critical personal data. Sensitive personal data are defined as financial data, health data, official identifier, sex life, sexual orientation, biometric data, genetic data, transgender status, intersex status, caste or tribe, religious or political belief or affiliation, or any other data categorised as sensitive personal data by the government. Given the broad definition of sensitive personal data, the proposed legislation creates a greater compliance burden for companies. The government can consider any data as falling within the scope of "critical personal data", because this term is not defined.
The Draft National E-Commerce Policy envisages broad data localisation measures, although it does not include any explicit restrictions on cross-border flows of non-personal data. However, more recently, a report by the Committee of Experts on Non-Personal Data, established by the Ministry of Electronics and Information Technology, has recommended data localisation requirements for some categories of non-personal data.
These regulations are intended to develop domestic digital start-ups or "data champions" and thereby push back against the "data colonialism" of big technology companies. Certain civil society bodies have expressed concerns that the Draft Data Protection Bill does not contain adequate checks and balances, especially because any governmental agency can be exempted from the law.
Due to the unusually large size of the market, coupled with the presence of tech start-ups and adequate number of engineers, data localisation is likely to decrease pressure from foreign competitors and improve market opportunities for local companies. However, such measures entail costs for consumers as domestic options were not as efficient or cost-effective as cloud services offered by Amazon and Google, besides reducing choices and decreasing quality of digital services.