Hemant Upadhyay, Advisor, IT and Telecom, Consumer VOICE

Not long ago, Indian consumers had limited choices – one telephone service provider, three car companies and banks that worked for limited hours. One had to trudge to government offices for accessing even basic information and services. Now, post economic liberalisation, we live in a global village and benefit from the global trade – one can get a telephone connection in less than 10 minutes; there are innumerable car brands to choose from at all price points; and information is available at a click or even through a voice command in our own language. This transformation has been made possible by the advent and increasing adoption of information and communication technologies (ICT) and the internet.

While promoting consumer benefits, the internet also poses many challenges, especially those related to privacy and data protection. In the name of data protection, many governments around the world are enacting regulatory restrictions, especially for commercial use. Data localisation, that is, mandatory storage of data only on servers physically located within the country is one such restriction. How­ever, from past practices, it is evident that it is not possible to ensure consumer protection just by creating such mandates. For example, in India, telecom service pro­viders are mandated to store the data of domestic users, within the country. Such a mandate did not prevent telemarketers and other actors from accessing such data without user consent.

Another example is the creditworthiness score generated by a private company, which has become a de facto standard for financial and lending companies in the country. The data for creating this score is shared by banks and other financial institutions, sometimes without the informed consent of consumers, which is a clear breach of consumer privacy.

Another often-cited reason for data localisation is the promotion of local industry. India is the third largest hub of start-ups in the world. Our very own Flip­kart, Zomato, Practo and countless other start-ups leverage the global internet infrastructure to grow and provide choices to consumers across the world and none of these innovations were propelled or benefited by data localisation.

In the larger export ecosystem, Indian exporters are now increasingly focused on technology-based, value-added products. In fact, for­ced data localisation with a commemorative protection mechanism is likely to produce a co­­u­n­ter­productive im­pact on both the exp­ort as well as startup ecosystem. In India, the cost of accessing/creating IT infra­structure will go up, resulting in fewer innovations and there is a likelihood of acc­ess to global markets becoming limited for indigenous start-ups as other countries too start mandating data localisation.

In the recent past, there is an increasing trend of launching “global first in India,” that is, global products and services are lau­n­ched first in India. This is unpre­ce­dented. Consumers in the country are benefiting from such launches. A recent industry rep­ort states that over one-third of the total global online shopper base shops from web­­sites outside their home country. For­ced data localisation would prevent global companies from launching their pro­ducts and services in India and cut off our country from the global innovation engines.

There are many studies that clearly demonstrate that while data localisation may seem like a good idea in the short run, it will ultimately harm the overall globalisation of the economy. An international report has quantified harm to the Indian economy and states that the potential impact on India’s gross domestic product (GDP) may be -0.8 per cent, domestic investments -1.4 per cent and the loss per worker may be equivalent to 11 per cent of the average monthly salary. All these may result in limiting the consumer choices within the country.

We have seen from our past experience that ideally isolationist economic measures do not benefit consumers and, in many cases, actually lead to consumer harm. Given the pervasiveness of the internet in our lives, India cannot and should not isolate itself again. Even the most recent European Union’s consumer protection measure – General Data Protection Regu­lation (GDPR) – does not mandate data localisation.

Splintering of the internet would exacerbate the digital divide and disempower consumers. India needs to continue to support the open internet ecosystem, for it is only an open internet that will ensure continued consu­mer benefit.