Data localisation won't help 'local' firms or improve privacy — but it could cost India $43 billion

Data localisation won't help 'local' firms or improve privacy — but it could cost India $43 billion
Data localisation will also expensive for local firmsUnsplash

  • The Indian government has been a strong propagator of data localisation stating that it will improve the security and privacy of data.
  • A report by ICRIER and IAMAI finds that data localisation is inconsequential to privacy and will weaken fraud detection.
  • It also states that the growth and competitiveness of local firms, especially start-ups and small businesses, will be hampered by data localisation.
The Internet is getting faster, more people are coming online, data consumption is higher than ever — but so are the amount of data breaches.

Financial data in India is already localised but the government is looking to bring all data under the new regime with the Personal Data Protection Bill 2019. Their argument is that is will make data more secure if it's stored in Indian servers.

India's most vocal propagator of data localisation, Mukesh Ambani — the richest man in the country — also believes Indian data should stay in India since 'data is the new oil'. Vijay Shekhar Sharma, founder of the payments service PayTM, proposes that data should be 'stringently domiciled'.
Complimentary Tech Event
Transform talent with learning that works
Capability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More

However, this may not necessarily be the solution to privacy woes, according to a report by ICRIER and IAMAI on the economic implications of cross-border data flows. Not only will data localisation weaken fraud detection but it could also end up costing India $43 billion in trade.

It will also be more costly — not just for global firms but local firms as well. As data localisation turns into an entry barrier, it could result in global retaliation and reduced competitiveness.

One place, one target, one hit

Just because data is stored all in one place, doesn't make it more secure. In fact, like most bank heist movies will tell you, it makes the target easier to hit.

This is not only because all of it will be in one place but because most mature financial services companies use integrate global architectures to manage their data — the localisation of data would impair their functionality.

According to the ICRIER-IAMAI report, the weakening of fraud detection systems would likely lead to a ten-fold increase in fraud losses in India.

"The costs of maintaining and upgrading these systems, unique to each company, will be recurrent and significant," noted the report.

It also added, "The location of data is inconsequential to improving privacy outcomes."

Data localisation isn't so good for the locals either

The digital services market is highly competitive. In order to stay in the running, companies — Indian and otherwise — have to keep their costs as low as possible.

With globalisation and the nature of cloud services, companies can store their data wherever they get the best price — even if that's offshore.

But this will no longer be the case if data localisation is made mandatory. Not only will this make things more expensive for digital firms, but customers may also have to bear the brunt of higher prices, according to the ICRIER-IAMAI report.

In the short run, it is costing small and medium enterprises (SMEs) to migrate to local servers. Indian data centers might not always have the latest features and updates either. That is another long-term pain point.

SMEs have also reported that forcing the development of data centers locally won't only increase the direct cost for businesses but also increase indirect costs — like paying for the power supply.

Localisation isn't that good for the customers either

Data localisation will mean that it will be harder for foreign countries to enter the Indian market — a barrier to entry. With fewer companies populating the market, competitiveness will take a hit.

That means two things — one, the quality of products and the level of innovation will reduce and two, prices are likely to increase.

According to the report, companies also fear global retaliation if India is too stringent with its localisation measures — such as higher customs and export restrictions. This will, again, increase the cost of products in the country.

It's not that India shouldn't implement data location but 'data' shouldn't be used as a blanket term. Softening the localisation measures to critical or sensitive datasets would minimise the opportunity costs.

If India keeps its data borders open, it will increase its total volume of goods trade by an estimated $43 billion annually as cross border data flows increase. Over the past year, India's total Internet bandwidth increased by 35% resulting in $24 billion in trade.

See also:
Here’s what global tech CEOs have to say about India's data protection laws

An Indian lobby with the likes of Facebook, Flipkart, and Microsoft as members is still arguing against storing data in India

Indian companies know how to sell data but not how to protect it