International Relations Prelims cum Mains

Explained: Why the world is debating data flow

Context

  • The government is due to introduce Personal Data Protection Bill, 2018 in the current session of the parliament.
  • Besides cross-border data flow debate has gained traction at various international foras including the G-20, WTO etc.
  • Japan has been pushing for global governance on cross-border data flow under a framework under WTO called ‘Osaka track’ that advocates ‘Data Free Flow with Trust’.

Image result for data flow across border

In focus: Cross-border data flow debate

Introduction

  • The revolution in e-commerce, big data, social media, IoT, AI-driven solutions in healthcare, education, transportation, infrastructure etc has made digital data is the new engine of growth in the 21st
  • Given the size of digital data that is produced, where the data is generated, collected, stored and used has long-term repercussions how national economies are shaped.
  • As a result debate surrounding cross-border flow of data has assumed the global centre stage.

Relevance of the debate

  • Whenever a message on a social media platform is posted, a product is bought on an e-commerce website or any online transaction is performed the following aspects of data flow become relevant
  • What is the nature of data that is generated?
  • Where it is the data generated?
  • Where is it stored?
  • Where and how is it being sent?
  • How and who uses the data so generated and transmitted?
  • Answers to these question in turn determines
  • Who “owns” the data?
  • Who profits from the data?
  • The profit made out of the data is under which country’s tax jurisdiction?

Illustration

  • A simple online click or a post on your FB page or a search in a search engine or a product you buy on an e-commerce website generates data on your preference, your online behavior, your interests, your needs, your personal data including your name, the bank you are dealing with etc.
  • The data so generated is an asset to the companies that collect and store them.
  • As a user, we do not have control over the use of this data by these companies.
  • Further the misuse of data using data profiling, studying and altering citizen behavior could have serious implications on privacy of the individuals, anti-competitive practices for businesses and national security concerns for nations.
  • As a result policymakers around the world are debating around
  • Control and use of data
  • Transparency in data use thereof
  • Regulating cross-border flow
  • Necessity of data localization
  • Security of data
  • Impact on government revenues.

 

 

Data protection and regulations around the world

GDPR

  • While the European Union’s GDPR (General Data Protection Regulation) provides for greater control over how the data is used to citizens, it provides for free flow of data between borders if adequate data protection framework in there is the recipient country.
  • However it does not provide for mandatory local storage of data.
  • Thus the EU model is emphasizes on privacy protection and free flow of data.

Data Free Flow with Trust of Japan

  • Japan envisions a world in which there is free flow of data across borders to countries with high levels of privacy protection, data security and intellectual property right.
  • Data localization should not be a condition for businesses to do business in a country.
  • The DFFT framework is in line with EU’s GDPR and US.
  • This model is also gaining support of Mexico, Canada, and South Korea which advocates free flow of data at the same time giving citizens greater control over how businesses and governments use personal data.

 

 

India’s stand

The draft Personal Data Protection Bill, 2018 provides for

  • Protection of wide range of personal data
  • Strict regulation of cross-border data flow (law is applicable to extra-territorial entities)
  • Strong data localization: It requires the storage and processing of data on servers located solely within the national borders.
  • In some cases, storage of a copy of the personal data within the territory of India.

Case for Data localization

  • Law enforcement
    • In case of a breach of law, securing the data itself becomes a cumbersome process if it involves legal system of another country.
    • Besides the technology breakdown of the cross-border data networks can have serious impact for enforcing the law.
  • Threat to national security
    • If sensitive personal data like Healthcare, Genetic fingerprints, biometrics, financial history etc, are subject to foreign surveillance, it is tantamount to threat to national security.
  • Compliance
    • If the data is not stored in India, compliance becomes difficult across borders.
    • This is important because as mentioned above the data protection law is intended to be applicable for extra-territorial entities.
  • Law enforcement
    • In case of a breach of law, securing the data itself becomes a cumbersome process if it involves legal system of another country.
    • Besides the technology breakdown of the cross-border data networks can have serious impact for enforcing the law.
  • Threat to national security
    • If sensitive personal data like Healthcare, Genetic fingerprints, biometrics, financial history etc, are subject to foreign surveillance, it is tantamount to threat to national security.

Case against data localization

  • Cost intensive
    • The setting up of server infrastructure in order to store data within India is cost intensive for companies. (10-50% increase for e-commerce companies)
    • Besides compliance cost for small companies will be high.
  • Possible misuse by the state
    • Social media majors like FB are wary of the situations where authoritarian states may misuse the data
  • Trade distortive
    • Recently the U.S. criticised India’s proposed norms on data localisation as ‘most discriminatory’ and ‘trade-distortive’.
  • Discouraging investments
  • Domino effect on other cooperation
    • Different data protection laws in different countries make it difficult for negotiation of commercial agreements including bilateral FTAs
  • Lack of clarity in definition of data misuse
    • The data protection rules currently do not differentiate between data misuse along various scales from data profiling to threat to national security.
  • Nature of social media
    • Social media platforms are not directly affiliated with a transaction

 

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: