We use cookies to provide some features and experiences in QOSHE

More information  .  Close
Aa Aa Aa
- A +

India may be wrong in insisting on storing user data locally; storage not same as control

10 4 10
09.10.2018

-TV Ramachandran, Kartik Raja & V Sridhar

Amongst a host of recommendations concerning aspects of privacy and consent definitions, the report of the Justice Srikrishna Committee (JSKC) appears to be generating considerable debate and views around its Clause 40 on data ownership: Restrictions on Cross-Border Transfer of Personal Data, which states that:

(1) Every data fiduciary shall ensure the storage, on a server or data centre located in India, of at least one serving copy of personal data to which this Act applies;

(2) The Central Government shall notify categories of personal data as critical personal data that shall only be processed in a server or data centre located in India.

While the clause has sparked heated discussions on what constitutes critical, personal and who decides, this article does not deal with these aspects. We, instead, focus on the recommendation of “processing and storing” of data in India—where there appears to be confusion between data residency or storage and control of data.

Incidentally, it is heartening that a host of governance initiatives like eMudhra and also several private applications are currently being developed on ultramodern distributed ledger (popularly known as blockchains) and edge-computing technologies. By their very definition, such technologies work on global chains of storage where data can reside in any part of the world but access is granted only to those with requisite permissions. These cutting-edge fields........

© The Financial Express