The Indian government will insist that “critically sensitive” electronic data be stored in servers within the country while other data may be allowed to be stored abroad. In some cases, however, mirror sites within the country will be insisted upon.
Officials said that in a legislation which may come before the Parliament soon, the government would insist that only this category of data, including data on financial transactions within the country, health, social orientation, etc., be stored locally since they are “critically sensitive” and be made available to the state if the need arises on security grounds.
“Other data such as whether you like buying mobile phones or eating burgers could be stored abroad… that data storage decision would be a commercial one for the company which has the data,” they explained. Many firms prefer to store data in places like Ireland where costs and taxes are relatively lower.
India has been in talks with US authorities over its data storage rules ever since the RBI mandated that data on Indian financial transactions have to be stored locally. US State and Commerce Secretaries have both raised the issue, as have American financial giants including Mastercard.
Officials said the whole issue first arose when, after the November 26, 2008 terror attack on Mumbai, India’s intelligence agencies sought certain data pertaining to Indian citizens from internet-based social media firms, who were extremely reluctant to share it.
However, after initially toying with the idea of forcing firms dealing with data on Indians to store it locally, the government has realized that having encryption keys which allow them to monitor such data was more important.
This, top officials admit, was the reason why Indian security agencies – the Research & Analysis Wing and Intelligence Bureau – have been demanding encryption codes from global social media giants, though not very successfully so far.
Mahesh Uppal, a telecom regulation consultant who has served on several official e-governance committees agreed, “It does not matter where you store data but rather who controls it.”
Control over data and the information highway being built around 5G technology is also behind the battle between the US and China, where the former has been trying to keep out Chinese telecom giants like Huawei from the 5G infrastructure of its allies and major countries like India.
The RBI, in guidelines reiterated earlier this year, has said that data on end-to-end transaction details and payment or settlement transactions including customer data and payment sensitive data has to be stored within the country. Only cross border transaction data can be retained abroad, though copies of that may also be required to be stored here in some cases.