Abstract:
India finds itself at a key juncture in the development of a data governance framework for the data of Indian citizens. The Personal Data Protection Bill 2019 introduced data localization requirements that mandate certain types of data to be stored and/or processed only within territorial boundaries of India and restricting the flow of data contingent on certain preconditions such as adequate level of protection being met. The framework proposed for India has sparked debates that are polarised and contentions exist on the alignment of data localisation with the objectives it is proposed to achieve. This research conducts an in depth and objective analysis of the complete Data Localisation framework for India. The research first expands the context of data localisation and unpacks the ‘why’ behind the introduction of
the requirements. Next, given that existing studies do not take a comprehensive approach to assessing the framework proposed for India, this research analyses the stated objectives, the background of the issues and the efficacy of data localisation in resolving these. The study then conducts a cost benefit and case study based analysis of the proposed conditional data flow mechanisms that will play a key role in striking the balance between regulating data flows and participating in the global digital economy. The research finds that data localisation by itself is of limited utility in achieving the objectives and also raises security concerns and economic costs. Thus, the research proposes a set of multi dimensional policy recommendations to mitigate the costs arising and plug the gaps that are not addressed by the current framework.
