NEW DELHI: As companies, as well as governments, around the world embrace Cloud computing, the growing demand for data localisation has put the service providers in a fix.
To think of it, the demand for data localisation, or asking companies to store data in servers located within the borders of a country appears to kill the very purpose of Cloud computing which makes it possible to store, manage and process data and from remote data centres via the Internet.
But governments have their own concerns, especially when security becomes an issue due to free flow of data across borders. As data is also seen as a valuable resource, having control over it is believed to be a legitimate demand which may help the country prosper.
India has also joined several other countries in the world in demanding data localisation which implies that that data or a copy of it should be hosted on local servers or restrict transfer of data outside national borders.
Be it the Reserve Bank of India (RBI) or the draft Personal Data Protection Bill, 2018 (PDP Bill), most policy statements linked to data governance in the country have argued in favour of data localisation.
In fact, several global giants including Google, Amazon Web Services (AWS), Oracle, and Alibaba Cloud, the cloud computing arm of Alibaba Group, have already set up their Cloud computing regions in India.
But a new report from industry body Internet and Mobile Association of India (IAMAI) has cautioned against imposition of data localisation norms.
There are a number of concerns with operationalising data localisation, according to the report titled “Digital Technology Policy for India’s USD 5 Trillion Economy” released late last month.
The storage of all the country’s critical data within India runs the risk of creating a “honeypot” of such data, which is vulnerable to cyber-attacks, foreign surveillance and other threats, said the report.
There are other challenges that the industry faces in complying with data localisation demands.
According to a report by Indian IT industry body Nasscom, data centre setup costs are approximately 10 per cent higher in India compared to Singapore and Japan.
While data localisations norms may lead to potential boost in investment in Cloud infrastructure in the short term, it may reduce the competitiveness of Indian companies in the long run, according to the report titled “Cloud – Next Wave of Growth in India”.
The report pointed out that the countries in the European Union have witnessed as high as 10-54 per cent increase in cost of Cloud computing services as a result of such localisation norms.
Similarly, Brazil has faced a significant resentment from industry as data localisation curtailed access to innovative foreign solutions.
Data localisation norms may also lead to concerns among consumers about surveillance, reduced access to global privacy and security enhancing services, etc., according to the report.
The IAMAI report highlighted that restrictions on cross-border data flows may lead to loss of market access and the latest technology by businesses in India, particularly start-ups.
“Such fetters may also reduce access to global Cloud service platforms, application programming interfaces and analytical tools that are available in other jurisdictions,” it said.
“This may affect the competitiveness of Indian start-ups by reducing their ability to innovate, work efficiently and balance operational costs against their earnings. Restricting cross-border flows of data may even reduce access to global technological developments, such as developments relating to Blockchain or Artificial Intelligence,” said the report.
To establish India as a global hub for Cloud computing, Nasscom recommends that India should take a balanced view of the impact of data localisation norms on Cloud industry, economy, industry competitiveness and data privacy and enact a data protection law that promotes privacy and security while ensuring industry competitiveness and a vibrant ecosystem for Cloud service providers.
However, it is important for Cloud service providers to ensure that sufficient safeguards are put in place to protect sensitive data.