5 India’s engagement with global trade regimes on cross-border data flows

Arindrajit Basu

I. Introduction[1]

With nations and multi-national corporations increasingly treating data as a resource to be curated and monetised, cross-border data flows have become a key opportunity for states and a critical question for data governance both domestically and at global trade forums. Several states, including India have treated both domestic policy-making and global negotiations on cross border flows as a strategic priority.

The debate on cross border flows hinges on three ideological nodes between the United States, the European Union, and China.[2] The United States, drawing largely from the ideal of the open internet, stresses that data should flow where it can be processed most efficiently and create the most economic value. The European Union is opposed to restrictions on the free flow of data by territorial states. However, in line with its commitment to human rights, through regulations like the General Data Protection Regulation (GDPR), it seeks to prevent personal data about EU citizens leaving the EU or the European Economic Area (EEA) unless the other jurisdiction can prove that they provide privacy protections equivalent to that of the EU. Finally, the Chinese vision is dependent on storing data within territorial borders (known as ‘data localisation’) coupled with unfettered state access to this data. These three ideological nodes have been reflected in the split at global trade negotiations on cross-border data flows with the EU and the US joining developed nations such as Australia, Japan, and Singapore to push for agreements that limit regulatory restrictions on cross border flows, and emerging economies like India and South Africa pushing for their ‘sovereign’ right to impose these restrictions.

Through domestic regulatory efforts, public statements, and behavior at trade forums, India has driven the agenda of the camp for sovereign restrictions. However, while this position has seen significant media coverage and been bolstered by political rhetoric, it is far from set in stone, and continues to evolve  based on a variety of factors.

While existing literature has dissected the substantive contents of India’s stances on cross-border data flows and data localisation[3], there is little reasoning on the factors shaping India’s negotiating stances. Recent research by Nachiappan[4] on India’s multilateral posturing has demonstrated that the nature and extent of India’s participation in multilateral negotiations is a function of three factors: economic or security strategic interests in the issue; institutional capacity and views within government; and the views and influence of domestic stakeholders including both civil society and business actors. When it comes to engagement with global forums on technology, there is no apparent ‘technology doctrine’ driving the various components of India’s strategy. Therefore, rather than searching for convenient and overarching models or labels that explain India’s behaviour in terms of their counterparts, I adopt Nachiappan’s framework and scrutinize the empirical factors driving India’s engagement, and the strategic interests that underpin this.

In this paper, I do not aim to evaluate the merits of the substantive contributions made by India. Further, I limit the scope to India’s engagement on cross border data flows at trade regimes because trade regimes have served as the forums for negotiation on this question. My analysis does not extend to data governance writ large. Consequently, I eschew analysis of other regimes on data governance like competition, taxation and the governance of Artificial Intelligence (AI) (unless it is relevant for the analysis of cross border data flows).

I divide this paper into four sections. First, I summarise the global debates and regulatory approaches to cross border data flows. Then I summarize India’s approach to cross-border data flows-including engagement at global trade forums and the domestic regulation that underpins it. Finally, I assess the empirical factors driving this engagement and conclude with some observations on how these factors will shape India’s behavior on cross border data flows going forward.

 

II. Global developments on cross border-data flows

Cross border data flows have been touted as the “hallmarks of 21st century globalization[5] and the “lifeblood of the modern economy.”[6] McKinsey Global Institute estimated that international data flows added USD 2.8 trillion to the world economy, and estimated this figure to grow to USD 11 trillion by 2025[7]. Big tech corporations undoubtedly benefit from the free flow of data as they are able to economically exploit and derive value from individual data generated all over the world, while still storing data in selected jurisdictions such as the United States. This has been used to evade multi-jurisdictional accountability. Given this reality, regulation of data flow has been a significant point of divergence at multilateral forums and trade negotiations.

 

A. Multilateral Framework

The present legal framework governing the World Trade Organization (WTO) was created well before the advent of the internet and was not geared towards regulating cyberspace as it exists today.[8] Discussion on e-commerce at the WTO kicked off with the first Ministerial Conference in Singapore where members made principled commitments to increase digital trade under the aegis of the WTO. Subsequently, at the Geneva Ministerial in 1998, a comprehensive work programme (‘Work Programme’) on e-commerce was set up and a moratorium on customs duties on e-commerce was also duly agreed upon[9]. Since 1998 several developed countries have expressed concern regarding the slow pace of progress of this Work Programme[10]. Therefore, member states put forth proposals seeking to alter the existing Work Programme before the eleventh WTO Ministerial Conference (MC11) in Buenos Aires.[11]

After MC11, over 70 member states agreed to “initiate exploratory work together toward future WTO negotiations on trade-related aspects of electronic commerce.”[12] This initiative, known as the Joint Statement Initiative (JSI), was formally launched in January 2019.[13] China, along with other emerging economies such as Indonesia who disagreed with most other members of the JSI joined the initiative in 2019 to play an active role in the negotiations, although they had initially chosen to sit out.[14] Meanwhile, India and South Africa have opted out of the JSI and contested its legal validity.[15] They  remain committed to reinvigorating the 1998 Work Programme as the appropriate negotiating platform.[16] However, JSI members remain keen to drive negotiations forward, noting in 2021 that “several legally viable pathways exist.”[17]

This debate received further traction at the G20 Osaka Summit in June 2019 with the launching of the Osaka Declaration on Digital Economy. The ‘Osaka Track’ aims to catalyze international rule-making on global cross-border data flows and trade in e-commerce along with intellectual property protections.[18] Spear-headed by Shinzo Abe, who was then Japan’s Prime Minister, it is based on the notion of ‘data free flow with trust,’ and endorses the January 2019 WTO Declaration on E-commerce.[19] Notably, China, the European Union and the United States signed onto the Osaka Track while India, Indonesia and South Africa did not.[20]

2021 was a key year for realizing the priorities of JSI members at the WTO. At the time of writing, the parallel tracks at the WTO have started to clash. On 14th December 2020, the 86 members of the JSI published and circulated a Consolidated Negotiating Text titled ‘WTO Electronic Commerce Negotiations’ that have preventive obligations on the location of computing facilities and the local storage and processing of data.[21] Exceptions, including those of ‘legitimate public policy’ objectives and ‘essential security interests’ are still being debated by JSI members with four alternative texts being proposed.[22]

 

B. Free Trade Agreements

  • Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP)

Agreements on digital trade have been negotiated outside the WTO as well. The first of these is the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP) which set the ball rolling on addressing obligations related to cross-border data flow.[23] Signed and ratified by Australia, Brunei, Canada, Chile, Japan, Malaysia, Mexico, New Zealand, Peru, Singapore, and Vietnam, the CPTPP that came into force has already influenced other bilateral and plurilateral trade agreements such as the Free Trade Agreement between Singapore and Australia.[24]

Chapter 14 of the CPTPP dealing with Electronic Commerce imposes explicit obligations on the cross-border transfer of data.

Article 14.11 titled ‘Cross Border Transfer of Information by Electronic Means’ compels parties to allow the cross-border transfer of information by electronic means, including personal information, when this activity is for the conduct of the business. Article 14.13 prohibits data localisation measures by member states by preventing parties from forcing businesses to “use or locate computing facilities in the party’s territory” as a pre-condition for doing business in that country.

There are a few exceptions to the obligations on cross-border flows. One such exception lies in Article 14.2 which clarifies that the provisions of the CPTPP do not prevent any member from requiring any official information including critical infrastructure plans, classified policy advice, or social security information to be stored locally on territorial servers.

The broadest exception lies in paragraph 3 of both Articles 14.11 and 14.13 which state that the CPTPP rules on data do not prevent a member from taking any measures in pursuance of a ‘legitimate public policy objective’ even if these measures contravene the obligations contained in the respective provisions so long as the restrictions are not greater than that required to attain the objective.

  • NAFTA 2.0

The second regional trade agreement containing provisions on cross-border data flows is the United States-Mexico-Canada Trade Agreement (NAFTA 2.0) which came into force on July 1st 2020.[25] Articles 19.11 and 19.13 of the NAFTA 2.0 are largely identical to Articles of 14.11 and 14.13 of the CPTPP (See Table 1). The exceptions to the obligations with respect to data localisation are also worded similarly to CPTPP. However, unlike the CPTPP which applies these exemptions to the obligation to not mandate local computing facilities as well, the USMCA exemptions only apply to the provision on cross border flow of information by electronic means­—thus reducing the domestic policy—making space available to members (See Table 1).

  • Regional Comprehensive Economic Partnership (RCEP)

The third such agreement is the Regional Comprehensive Economic Partnership (RCEP) which was signed by 15 countries, including 10 Association of South East Asian Nations (ASEAN) countries and 5 regional partners (Australia, China, Indonesia, Japan, South Korea). As it includes countries that have imposed some data localization measures at home, the permissible restrictions on cross border data flows among member states is more flexible in the RCEP than in the CPTPP or NAFTA 2.0.[26] The obligation to enable cross border data flows in Article 12.15 is identical to that in Article 14.11 of the CPTPP.[27] However, the exception contained in paragraph 3 of Article 12.15 is far broader.

In addition to the legitimate public policy objective provided for in the CPTPP, members may also restrict cross border data flows in the pursuance of any measure it considers necessary for the protection of its ‘essential security interests.’ The provision clarifies that if a member does claim to take a measure in furtherance of its ‘essential security interests‘ this cannot be disputed by other parties.

A summary of plurilateral trade arrangements and their implications for cross-border data flows may be found in Table 1.

 

Table 1: Plurilateral trade agreements and cross-border data flows

Trade Agreement Location of Computing Facilities Cross Border Transfer of Information by Electronic Means Exceptions
Regional Comprehensive Economic Partnership (RCEP) No Party shall require a covered person to use or locate computing facilities in that Party’s territory as a condition for conducting business in that Party’s territory (Art 12.14 A Party shall not prevent cross-border transfer of information by electronic means where such activity is for the conduct of the business of a covered person Necessary to achieve a legitimate public policy objective (to be decided by the implementing party) provided that the measure is not applied in a manner which would constitute a means of arbitrary or unjustifiable discrimination or a disguised restriction on trade OR any measure that it considers necessary for the protection of its essential security interests (which cannot be disputed by other parties)
Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP) No Party shall require a covered person to use or locate computing facilities in that Party’s territory as a condition for conducting business in said territory Each Party shall allow the cross-border transfer of information by electronic means, including personal information, when this activity is for the conduct of the business of a covered person. (Art. 14.11) To achieve a legitimate public policy objective, provided that the measure:(a) is not applied in a manner which would constitute a means of arbitrary or unjustifiable discrimination or a disguised restriction on trade; and (b)does not impose restrictions on the use or location of computing facilities greater than are required to achieve the objective. (Art.14.11 and 14.13)
US-Mexico-Canada Agreement (USMCA) No Party shall require a covered person to use or locate computing facilities in that Party’s territory as a condition for conducting business in that territory. (Art. 19.12) No Party shall prohibit or restrict the cross-border transfer of information, including personal information, by electronic means if this activity is for the conduct of the business of a covered person. (Art 19.11) Necessary to achieve a legitimate public policy objective, provided that the measure:(a) is not applied in a manner which would constitute a means of arbitrary or unjustifiable discrimination or a disguised restriction on trade; and(b)does not impose restrictions on transfers of information greater than are necessary to achieve the objective (Art.19.11, no exception to Art. 19.12)

(Source: Author’s compilation)

 

C. Domestic Legislation

Amidst the global multilateral and plurilateral tussle to set out rules for cross border-data flows, several states have issued domestic legislative mandates compelling data localisation. In a previously published paper, I identified at least eighteen jurisdictions that have imposed various kinds of localisation mandates. The models may differ in the strength of the mandate,[28] the type of mandate, the type of data to which the mandate extends to and the sectors involved.

Some countries such as China, Nigeria, and Russia have unconditional restrictions on cross border data flows outside their territory. Others have unconditional localisation mandates that are sector-specific such as tax records in New Zealand or sensitive and personal health data in Australia. A third group of countries, largely in Latin America and the European Union have a conditional localisation mandate which allows for transfer of data outside its territory only if the recipient country has an ‘adequate data protection framework‘ in place.

  • Type of restriction

In terms of the type of mandate, these vary from compelled storage of a mirror copy in the territory (Russia) to mandatory local storage[29] (Indonesia) to mandatory local processing[30] (Turkey). Other countries have sector-specific restrictions.

States which are proponents of free flow of data have actively spoken out against such measures. President Trump made the United States’ views against localisation explicitly clear at a meeting on the sidelines of the Osaka G20 Summit in 2019.[31] However, the United States itself retains some regulatory restrictions on cross-border data flows. For example, the United States requires that all companies working with the Department of Defense (DoD) store defense data within its territory.

The European Union which has actively voiced concerns with data localisation across jurisdictions itself restricts the transfer of data to any country which does not comply with the standards of data protection guaranteed in the General Data Protection Regulation.[32]

The reasons for imposing regulatory restrictions vary across jurisdictions and are not limited only to trade concerns. It is clear that unrestricted free flow of data without any sovereign intervention is unlikely to be a reality-no matter the political rhetoric on both sides of the debate. Given India’s economic clout and the sheer size of its population, India’s engagement with this global debate will be critical towards the crafting of a global regime regulating cross border data flows and the norms contained within.

 

III. India’s approach to cross-border data flows

 

A. India’s Multilateral Position at the World Trade Organisation

As it has done with previous debates at the World Trade Organisation (WTO),[33] India has looked to actively shape global rules on data flows. To begin with, India and South Africa have led the gambit against the continued extension of the 1998 WTO moratorium on customs duties on electronic commerce transmissions.[34] India has also looked to reinforce the Work Programme at the General Council and accused the Joint Statement Initiative (JSI) of:

creat[ing] guidelines that will serve as the basis of any later international agreement on e-commerce, which will favour richer nations owing to the nature of the developed market systems and penetration by online firms in the retail space[35]

India opposed parallel rule-making through plurilateral initiatives within the WTO and made specific references to the cessation of regulatory autonomy on cross-border data flows.[36] In February 2021, India with South Africa published a communication disputing the legal validity of the JSI format within the institutional architecture of the WTO. They have contested the procedure underpinning the JSI itself for violating several aspects of the Marrakesh Agreement, including the multilateral underpinnings of the WTO captured in Article II.1 and Article III.2 of the Marrakesh Agreement, consensus-based decision-making captured in Articles III.2, IX, X and X.9 of the Marrakesh Agreement, and the procedures for Amendments of rules in Article X.[37]

India adopted the same assertive approach at the G20 Osaka Summit last year. At this summit, along with BRICS countries, India reiterated the crucial role of data in development, especially for emerging economies and did not sign onto the Osaka Track.[38] Foreign Secretary at the time Vijay Gokhale reiterated the argument that agreements on data should not happen outside the WTO General Council framework as it would result in undermining the voices of the developing world.[39]

 

B. India’s Position at Free Trade Agreements (FTA)

However, India’s position has not been permanent or rigid. India has sometimes diluted its stance on data localization whenever it felt that it may be in its strategic interests to do so. For example, as India was participating in negotiations building up to the Regional Comprehensive Economic Partnership (RCEP), cross-border data flows were a major talking point.[40] However, in the span of ten days, India changed its position, allowing the Chapter to go through so long as the exceptions on ‘essential security interests‘ and ‘legitimate public policy objectives‘ were retained.[41] Ultimately, India did not sign up to the RCEP for other reasons but the negotiation process demonstrates a certain flexibility with respect to cross border data flows. This flexibility and willingness to compromise benefited as India negotiates future trade agreements, including a Free Trade Agreement with the European Union and the United Kingdom.

 

C. India’s Domestic Regulation on cross border data flows

On the domestic front, several government entities have embarked on a concerted push towards data localization, as an extension of the government’s overarching ‘data sovereignty’ gambit. The first significant policy on data localization was a notification from the Reserve Bank of India in April 2018 which mandated the storage and processing of all payments data in India.[42] WhatsApp, Google Pay and Mastercard initially opposed these rules but along with a number of foreign companies prioritized compliance to retain their spot in India’s burgeoning payments sector.[43] The RBI has been very strict with compliance-Mastercard, American Express and Diners Club were banned from issuing cards in July 2021 for failure to meet data localisation norms.[44]

The RBI Directive was followed by a number of sectoral notifications and policies mandating different forms of data localization.[45] The most significant of these was the Srikrishna Committee Report in August 2018 (Srikrishna Committee Report).[46] This Report included a draft of the Personal Data Protection Bill (Bill), accompanied by justifications and explanations of the provisions in the draft.[47] Section 40 of the draft Bill contained a mirroring provision which mandated that entities processing data of Indian citizens must maintain a live serving copy of all such personal data within Indian territory (General Rule)[48] (Higher Standard). As per Section 40(2), the Central Government had a further right to notify certain data as ‘critical personal data‘ which could also only be processed in India. (Exemptions) Under Section 40(3) the Central Government had the right to exempt restrictions on the basis of strategic or practical concerns as long as it did not come within the definition of ‘sensitive personal data‘ as was defined in Section 2(35) of the draft Bill.

After stakeholder consultations, the Personal Data Protection Bill (PDP Bill]) was tabled in Parliament in December 2019.[49] Section 33 of the Bill tabled in Parliament did away with the mirroring requirement for all personal data and instead limited the local storage requirement to ‘sensitive personal data‘. As per the Bill, sensitive personal data may be transferred outside Indian territory for processing if certain conditions are fulfilled-which include obtaining explicit consent from the data user (‘data principal’) and being in pursuance of a contract or an intra-group scheme that safeguards user rights. Further, the data processor (fiduciary) is held liable through the provision if any harm accrues to the data principal.

As per Section 34 (1) (b), ‘sensitive personal data’, may be transferred abroad if the data is accorded an adequate level of protection in that jurisdiction. Further, Indian law enforcement authorities should have access to the data when needed for conducting criminal investigations. Therefore, the mandatory provision in the draft Bill was diluted to a conditional mandate along the lines of those in Latin America or the European Union. The only mandatory localisation provision which that the draft Bill retains is for ‘critical personal data‘ that must be stored and processed in India as per Section 33(2) of the PDP Bill, subject to some exceptions in Section 34(2).

The Joint Parliamentary Committee (JPC) deliberating on the PDP Bill tabled its report in December 2021. On data localisation, the report stated that storing data in Indian territory was essential for security, privacy, economic, geopolitical and purposes of innovation.[50] Therefore, the Committee recommends that the government should store mirror copies of all sensitive and critical personal data stored abroad, as a precursor to the ‘gradual localisation of all data’.[51] Further, it added an obligation on the Data Protection Authority (‘DPA’) to consult with the central government before approving the transfer of any sensitive personal data pursuant to a contract or intra-group scheme.[52] The furthering of the data localisation mandate by the JPC  indicates that the final data protection law will have a stringent data localisation provision, which will in turn lead to India being wary of any trade commitments that would compel them to dilute this stance.

 

IV. Assessing India’s Behaviour

Scholars have often labeled India as being obstructionist at multilateral forums—unnecessarily blocking negotiations or failing to have an impact.[53] Literature used to unpack India’s strategy has explained this defensive inclination through a range of factors including an institutional tilt at the Ministry of External Affairs (MEA) that inclines toward reticence and defensiveness[54], ideological posturing[55], and domestic political cultural traits that constrain negotiators.[56] The thrust of decolonisation and the developmental aspiration has certainly impacted India’s behavior on some multilateral issues such as arms control or trade. However, attempts to generalize India’s negotiating behavior risks occluding a sober empirical assessment of the specific political economy factors that shape India’s engagement with each regime.

In Does India Negotiate?, Nachiappan seeks to undertake this empirical assessment and concludes  that the nature and extent of Indian participation in regimes is dependent on three factors: strategic interests, institutional capacity and cohesion, and the interests and influence of domestic and external actors.[57] He evaluates this framework through an empirical assessment of India’s participation in four multilateral negotiations: The Framework Convention on Tobacco Control (FCTC), the Comprehensive Test Ban Treaty (CTBT), the Uruguay Round that set up the World Trade Organisation (WTO), and the United Nations Framework Conventions on Climate Change. In this section I will apply this framework to India’s behaviour with respect to cross border data flows. Rather than adopting a more general view of Indian multilateral behaviour, adopting Nachiappan’s framework enables us to better understand and evaluate India’s engagement with global digital trading regimes given the competing interests, actors, and institutions in play.

 

A. Strategic Interests

Interests, as explained by Nachiappan are “determined by interdependence around a particular policy problem that necessitates negotiation and rule-making.”[58] On tobacco control rules, for example Indian health officials worked with the World Health Organisation (WHO) to push forward a robust convention that posited clear rules regulating tobacco production and distribution globally. Within India, there was a clear public recognition of the societal and health impacts of tobacco use, which prompted India to consider enacting domestic legislation constraining the same. The Cigarettes and Other Tobacco Products Act (COTPA) was adopted in 2003 just three days before the Framework Convention on Tobacco Control (FCTC) was adopted by the 192 members of the World Health Organization. Nachiappan writes that “India’s FCTC stances influenced COTPA’s passage and vice-versa.”[59] The Indian delegation took a proactive stance on the Framework Convention on Tobacco Control (FCTC) that had several similar provisions to the COTPA.

India’s assertive position on cross-border data flows similarly stems from a clear recognition of its strategic interests in this space coupled with domestic regulation that directly intersects with India’s negotiating positions abroad. The strategic interests for India in this space are hybrid – a combination of economic, security and political interests. However, the primary site of contestation on cross border flows remains global economic fora – a factor that has impacted the domestic narrative on the debate, centering around data’s developmental dimensions.[60] When evaluating strategic interests underpinning Indian approaches to data flows, we are likely to see the continued confluence of economic, security and human rights. To uncover India’s strategic interests on cross border flows in the global digital trade regimes, I use public statements by officials, a range of domestic policies, and government reports as sources.

Public statements by officials have articulated India’s approach through the lens of ‘data sovereignty‘ and a clarion call to oppose ‘data colonialism‘, the exploitative economic practices of western tech companies operating in India and other parts of the global South.[61] IT minister Ravi Shankar Prasad has repeatedly stressed the significance of India’s data sovereignty when framing its regulatory strategy and foreign policy posturing.[62] This is driven by a desire among key government officials to unlock the potential value of the vast swathes of data created by Indian citizens, and  use these benefits  for financial or developmental purposes.[63]

A range of policies underscore the idea of the sovereign nation of India looking to maximize economic benefits from data generated by its citizens. In 2019, two iterations of the draft national e-commerce policy (second one tagged with the line “India’s Data for India’s Development”) were put out by the Department for Promotion of Industry and Internal Trade (DPIIT) under the Ministry of Commerce and Industry.[64] These focused on certain conceptions that were referred to cursorily in the Srikrishna Committee Report that accompanied the first draft of the Personal Data Protection Bill in 2018. The most significant innovation endorsed by the 2019 report was that of “community data”—viewing data as a ’societal common‘ or ’natural resource’—held by an unidentified (presumably national) community. To complicate matters further, Chapter 4 of the Economic Survey released by the Ministry of Finance in July 2019 introduced the conception of data as a ’public good‘ without any mention of data protection, barring a passing note on respecting privacy norms while also referring to the possibility of auctioning off this data to private players.[65]

This was followed in 2020 with a Consultation Paper on National Open Digital Ecosystem (NODE) that endeavoured to construct an “open and secure digital delivery platforms, anchored by transparent governance mechanisms, which enable a community of partners to unlock innovative solutions, to transform societal outcomes.[66] In 2020 and 2021, a Committee of Experts established by Ministry of Electronics and Information Technology (MEITY) proposed a regulatory framework for ‘non-personal data‘ across two reports. This was an attempt to clarify some existing gaps in the understanding of concepts like ‘community data‘ and ‘data trusts‘ and distinctions between personal and non-personal data while creating a framework that enables the generation of economic value from non-personal data in India. This report was much awaited especially due to the obligation entrenched in Section 91 of the Personal Data Protection Bill, 2019. The recent Data Empowerment and Protection Architecture (DEPA) consultation put out by NITI AAYOG in September 2020 also furthers this vision that seeks to “empower people to seamlessly and securely access their data and share it with third party institutions.”[67] It attempts to remedy the present scenario where the data of Indian citizens remains in silos which prevents individuals from using the benefits of an interoperable framework to access better services. Further, it argues that data remaining in silos provides scope for greater misuse.

Out of these policy instruments only the Srikrishna Committee Report and the E-Commerce Policy, 2019 explicitly mention a data localization requirement. However, noting these policies helps evaluate more closely the impetus towards deriving economic and developmental value from data. As argued in the Srikrishna Committee Report, asserting regulatory restrictions on cross-border data flows enables the Indian government to optimize this value and “build an AI ecosystem.[68]

While the overarching narrative has centered on economic concerns, there are two other strategic interests with respect to restricting cross-border data flows-both of which are referred to in the Srikrishna Committee Report. First, is the problem of law enforcement access to data during criminal investigations. A disproportionate amount of Indian citizens’ data is stored in the USA, which means that India has to obtain the data by putting in a request that needs to be processed through the US legal system and comply with US law before being granted.[69] The present Mutual Legal Assistance Treaty (MLAT) system that governs access to data stored abroad has been criticised.[70]

A third interest that was identified in the Srikrishna Committee Report but has not occupied centre-stage since is the protection of Indian citizens’ data from foreign surveillance. It argued that a large number of data processors being headquartered in the US, may compel them under laws such as Foreign Intelligence Surveillance Act (FISA) to conduct surveillance on Indian citizens.[71] Further, when banning Chinese apps in the aftermath of military clashes on the Sino-Indian border, the Press Release put out by the MEITY alleged that they violated Indian sovereignty and citizen privacy.[72] Given concerns with the Indian legal framework governing government surveillance, this is better understood as strategic short-term rhetoric deployed to justify actions by the governments rather than forming a substantial part of the overarching  reasoning underpinning India’s strategy at global negotiations on data flows.[73]

 

B. Institutional views and capacity (government)

The second factor identified by Nachiappan is domestic institutions-how policy makers are confronting the issue in India, and the institutional capacity and cohesion across government entities to adequately engage with it. Once a certain issue was identified as being of strategic importance, the personnel or resource capacity of the Ministry of External Affairs (MEA) becomes less significant in determining institutional capacity. Instead, the entire government’s approach to the issue and the views and intent of the specific institution tasked with shepherding negotiations becomes key to evaluating this prong. Before the Uruguay Round negotiations that set up the World Trade Organisation (WTO), Indian officials apprised themselves of the constraints Indian businesses faced while exporting textiles, agricultural goods and services abroad. Utilising the knowledge of the contours of the domestic market, Indian negotiators were able to extract the optimal level of protection for the Indian market while still grabbing the opportunity to obtain greater market access to other economies. The Ministry of Commerce (MOC) was the key institution during these negotiations, which was guided by input from experts at the Indian Institute of Foreign Trade (IIFT). The MOC commissioned a report by the IIFT guiding the negotiators to not negotiate trade in services while also urging MOC officials to rally developing countries to remain cautious on trade in services given opportunities while emphasizing labour services at the negotiations.[74]

Similarly, on cross-border data flows, the Indian government’s approach has truly been an ‘all of government’ effort with cohesion and coherence among the policy levers pushed by various institutions and entities. On the global front, negotiations at trade fora have been spear-headed by the MOC, whose talking points and positions have been echoed by statements made by MEA officials at plurilateral fora such as the BRICS and G20 and during bilateral engagements with key states like the United States.

On the domestic front, as many as nine different policies across sectors restricting cross-border data flows have either been notified or are in the draft phase by a number of government entities. Unlike the range of relatively uncoordinated policies on data governance writ large that I uncovered in the previous section, the legislative and policy framework on data localisation has been clear and coordinated across institutions. The clarity of the domestic vision driven by a significant emphasis on restrictions is certainly driving the well-coordinated approach looking to retain sovereign control over data at multiple international fora. So long as data localisation remains a core domestic issue, it is likely that unity and cohesion among central government entities will continue.

 

Table 2: List of data localization mandates in India[75]

Category of Data Government entity Policy/Law No restriction of cross border flow Local storage Local Storage and Processing
Critical personal data Srikrishna Committee set up by Ministry of Electronics and Information Technology Draft Personal Data Protection Bill, 2018 X
Personal data X (Mirroring requirement)
Sensitive Personal Data X
Critical Personal Data Ministry of Electronics and Information Technology (Meity) Personal Data Protection Bill, 2019 X
Sensitive Personal data X
Personal Data X
Public IoT data Department for Promotion of Industry and Internal Trade (Ministry of Commerce) E-Commerce Policy X
E-Commerce data X
Payment Systems data Reserve Bank of India RBI Circular X
e-Pharmacy data* Ministry of Health and Family Welfare Draft e-Pharmacy Regulations, 2018 X
Subscriber and User data Department of Telecommunications (Meity) Unified Access License for Telecom X
Subscribers’ databases (Broadcasting sector) DIPP now DPIIT (Ministry of Commerce) FDI Policy, 2017 X
Companies’ accounts related data Ministry of Commerce Companies (Accounts) Rules, 2014 X
Insurance Policyholder data Insurance Regulation and Development Authority IRDAI Regulations X
Government data Ministry of Electronics and Information Technology Guidelines on Contractual Terms Related to Cloud Services X

 

C. Domestic stakeholders (non-government) and political interests

Finally, as with any other country, India’s negotiating stances and enthusiasm has been guided by the stances of several non-governmental stakeholders and political realities at home. Experts, civil society groups, and business lobbies have all shaped India’s approach. During the Uruguay Round negotiations, Indian business groups-Confederation of Engineering Industry (CEI) and the Federation of Indian Chambers of Commerce (FICCI), Associated Chamber of Commerce, National Association of Software and Service Companies (NASSCOM)-influenced the Indian delegation’s balanced views on Intellectual Property.

With cross border flows, there are a number of stakeholders who harbor important ‘stakes’ in both the domestic regulatory ecosystem and India’s consequent engagement with global trade regimes. The influence asserted by each stakeholder has already impacted the government stance, and will continue to remain key in shaping India’s strategic contributions on cross-border flows in the global trade regime.[76]

  • Business

India’s approach to cross-border data flows has been marked by vigorous and polarising debates among domestic and international pressure groups.[77] As expected, the stance of the private sector has been driven by business interests. The private sector itself may be divided into three groups. Chairman of Reliance Industries Mukesh Ambani has come out vocally in favour of localisation, urging its use as a key tool in the fight against ‘data colonialism’.[78] Other large financial players such as PhonePe[79] and Paytm[80] have also backed the RBI Directive mandating the localisation of financial data. Their motivations lie in reducing the control and consequent economic benefits that foreign companies derive the data of Indian citizens.[81] Further, Indian companies would have easier access to data in anonymised form for economic benefit enabled by the range of enabling legislation and policy discussed in Section IV.

To evade compliance costs that would stem from data localisation[82], foreign technology companies, again driven by business interests, have applied pressure in the opposite direction. Facebook Public Policy Vice President Nick Clegg[83] and Google CEO Sundar Pichai[84] constantly opposed data localization on several occasions when interacting with policy-makers in New Delhi. Industry lobbying groups, including the U.S.-India Strategic Partnership Forum (USISPF),[85] have attempted to assert influence by  collective lobbying through coalitions such as the U.S.-India Business Council (USIBC),[86] and the National Association of Software and Service Companies (NASSCOM)[87] that represent the interests of some of these companies enabled the foreign industrial players. [88]

Interestingly, as the regulations were being debated, a third major private sector group that came out in favor of localisation were large Chinese technology companies like Alibaba and Xilinx. Alibaba and its affiliate entities own a 30.33% per cent stake in One97 Communications Ltd[89] which owns Paytm, and has already set up data centers in India to support its cloud computing business.[90] While the business interests are clear, the influence these companies can exert on policy-making have dwindled as geo-political realities have shifted over the past year. With the restrictions on Chinese investments stemming from the Foreign Direct investment Press Note[91] and the continued banning of Chinese apps in the region, this group may be eschewing the Indian market for other emerging economies.[92]

However, private sector coalitions are not set in stone. They change as business interests evolve. Partnerships are being forged between groups on either side of the fence on localisation. In April 2020, it was announced publicly that Facebook Inc. had signed binding agreements to invest to the tune of $5.7 billion USD into Reliance Industries Limited’s subsidiary Jio Platforms-a deal which gives them a 9.99% share and a board seat. Reliance Jio Head of Strategy Anshuman Thakur and Managing Director of Facebook India Ajit Mohan have agreed that “both Facebook and Jio are independent entities and there’ll be areas that we will collaborate in but there will be areas where we will potentially not agree with each other either.”[93] Thus far, there is no publicly available indication that Reliance or Facebook are changing their respective stances on data localisation but the extent of board influence exercised by Facebook remains a critical factor that should be closely watched.[94]

  • Civil Society

Civil society actors active in the debate can be divided into advocacy groups that are driven by specific ideological interests and experts, who provide ‘expertise’ that is ostensibly neutral but ultimately are a product of ideological interests. In terms of advocacy groups, the Swadeshi Jagran Manch-an affiliate of the Rashtriya Swayamsevak Sangh (RSS)-has been an important pro-localisation stakeholder, a natural extension to its long-vaunted stance opposing liberalisation and globalisation.[95] As per a report by India Today, the SJM has stressed on the need for data localisation and data nationalism in a letter to Prime Minister Modi.[96] It also assured Prime Minister Modi that it will play a “positive role in ensuring that data localisation…become reality very quickly.[97] Groups like the SJM have the potential to influence decision-making at the highest levels of government given their allegiance and ideological convergence with the Bharatiya Janata Party (BJP) presently in power.[98]

Advocacy groups focusing on digital rights including Access Now[99] and the Internet Freedom Foundation[100] highlighted the possibility of third-party abuse, and the denigration of the vision of an open internet. These groups have influenced public opinion on data localisation through a number of conferences, social media campaigns and press releases. The exact extent and nature of influence an advocacy group command is difficult to discern. While each domestic government policy undergoes public consultation, the extent to which a submission is read and scrutinized by the government is still unknown. Further, government officials have off-the-record meetings with stakeholders from industry that are undocumented.

Given the importance of this issue to government and industry actors, there has been demand for expertise to weigh the contours of the debate. One such expert group that commands influence within the government is iSpirt that has batted for localisation-Indian Software Product Industry Roundtable-a think-tank with a network of many volunteers who were once a part of the Unique Identity Development Authority of India (UIDAI.)[101] RBI has heavily relied on inputs from iSpirt during its discussion on data localisation with stakeholders, resulting in RBI being accused of bias by business coalitions representing US interests.[102]

The second expert group is the Vidhi Centre for Legal Policy, which was involved in drafting the Personal Data Protection Bill, 2018 and the Srikrishna Committee Report, and is regularly consulted by Central and State Governments in law and policy-making.[103] Several experts working independently of the government at universities and research institutions have also put forth their views in op-eds,[104] media interviews[105] and academic articles.[106] For example, Kovacs and Ranganathan of the Internet Democracy Project argued in an academic paper that “data localisation seems to merely entail a transfer of power to domestic elites…and does relatively little to return sovereignty to the people,” instead facilitating greater control for the state and private actors.[107]

It is difficult to say with any degree of certainty how stakeholders influence decision-making. However, from the publicly available evidence of consultation undertaken by decision-makers, including the public record of actors invited to depose before the JPC, business interests represented by the corporate sector and law firms, along with select research organizations that work closely with government will exert more influence than independent experts or civil society. This is not set in stone, however, the vibrant multi-stakeholder ecosystem shaping the debate in India means that the government will need to account for its decisions-both domestically and globally-even if it chooses to directly engage with only a select few.

  • Governments

Foreign governments, most prominently the United States, have also sought to influence India’s domestic landscape and global negotiating positions to further the business interests of their stakeholders. Consequently, data localization became a crucial talking point in the U.S.-India trade negotiation with the U.S. Commerce Secretary Wilbur Ross continuously flagging[108] it as a provision that will unduly harm U.S. companies. Secretary of State Mike Pompeo reportedly mulled restricting H1B visas for any country that has a data localization requirement.[109]

The U.S. has also utilized legislative and policy instruments at its disposal to further this agenda. The US President has the power under Section 301 of the Trade Act of 1974 to impose retaliatory action against countries in pursuance of complaints made by US companies.[110] As per the Omnibus Trade and Competitiveness Act, 1988, the United States Trade Representative (USTR) issues annual reports submitted to Congress on the practices of countries that the US trades with and recommends action against violators.[111]

Data localization by India has been called out as a barrier to digital trade in the 2019,[112] 2020[113] and 2021[114] Section 301 Reports, indicating bipartisan consensus on opposing India’s localization policies. As Reddy and Chandrasekharan note, ‘crowbar diplomacy’ or the use of American economic power to forcefully open up foreign markets was utilised by American negotiators to compel India to sign up to obligations under the Trade Related Aspects of Intellectual Property (TRIPS) agreement within the WTO framework.[115] Intensive lobbying since the publishing of the draft Personal Data Protection Bill was partially successful with the localisation obligation being diluted in the version that was tabled in 2019 with the mirroring requirement for all personal data being removed. Crowbar diplomacy had less impact on the deliberations of the JPC, which recommended that a mirroring requirement for sensitive personal data and critical data be considered by the government.

 

V. Conclusion

India’s behavior at international forums regulating cross-border data flows has been underpinned by a clear identification of short-term strategic interests, backed up institutional cohesion and capacity to engage, and shaped through the influence of key non-governmental actors, including business corporations and select research organisations. Domestic regulatory policy on data localisation has been identified by the government as a key strategic priority, which has led to robust institutional engagement across ministries. This has been accompanied by consistent engagement by a number of stakeholders attempting to influence the government and holding its decisions to account. The factors shaping India’s engagement on cross border flows is summarized in Table 3.

Looking forward, I close with four observations. First, despite external pressure from governments and businesses alike, it is unlikely that India’s domestic policy on data localisation and consequent global negotiating stances will change. The JPC report advocating for more stringent localisation measures coupled with India’s continuous opposition to, and abstinence from the JSI at the WTO are evidence of that. India’s data localization push is not merely ‘empty rhetoric’—there were significant costs imposed on Mastercard and other foreign card companies that failed to comply with the RBI’s mandate by preventing them from issuing new cards. While India’s substantive stance is unlikely to change, there could be some flexibility as India seeks to eke out free trade agreements with countries like the United Kingdom, Australia, and the European Union or if it chooses to re-engage with regional trade agreements like RCEP and CPTPP.

Second, on cross border flows writ large, there will likely be a continued deadlock as emerging powers like India continue to shape the debate. This could lead to further fragmentation of the digital trade regime as digital trade rules are increasingly negotiated outside WTO confines through regional and bilateral trade agreements.

Third, divergent positions on cross border flows at trading regimes has not undermined cooperation in other spheres, especially in the technical and security domains-co-operation that will continue. The technology alliance forged through the Quadrilateral Security Dialogue comprising Japan, Australia, USA and India is a case in point.[116] The four countries have come together to reduce the influence and coercion exercised by China in the Indo-Pacific region and have agreed to co-operate on technology, among other security issues. Yet, the three other states are a member of the JSI and support unrestricted cross-border data flows. Another example is the Global Partnership on Artificial Intelligence-another ‘democratic technology coalition’ that excludes Russia and China.[117] The aim of this coalition is to foster a multi-stakeholder approach to responsible AI, data governance, the future of work, and innovation. The GPAI comprises of G7 countries, Republic of Korea, Singapore, Slovenia, and the European Union. Again, barring India, all GPAI members have signed onto the Joint Statement Initiative on e-commerce.

So, strategic interests on cross border data flows need not spill over into security interests when countering an increasingly assertive China or shoring up India’s economic and security needs. Where these interests converge due to a shared threat (such as China) or a shared opportunity (collaborative innovations or regulatory opportunities), we will see alliances that may transcend the north-south divide. Where interests diverge, as they have in the case of data flows, we will see continued contestation

Finally, narratives such as those on data sovereignty and data colonialism will continue to be used as tools that legitimize specific government policies and negotiating stances on cross border data flows. They should not be analyzed as inflexible dogma that will necessarily underpin both the design and substance of India’s contributions at all global governance forums on technology. Instead, any analyst looking to understand or predict India’s behaviour should ask the core empirical questions: First what are the strategic interests in this regime and how are narratives, rhetoric and policy shaping these interests? Second, what is the institutional capacity within government to engage with the issue and are governmental institutions in sync? And finally, is there vibrant multi-stakeholder engagement, and how is this engagement likely to influence India’s interests and government decision-making? As I demonstrated with India’s engagement on cross border data flows, each regime is unique and evaluating a range of primary sources on each regime will illuminate more than ascribing broader generalizations across issue areas or global governance regimes

 

Table 3: Summary of empirical factors shaping India’s engagement with cross border flows

REGIME STRATEGIC INTEREST INSTITUTIONAL CAPACITY AND VIEWS (GOVERNMENT) STAKEHOLDERS AND POLITICAL REALITIES (NON-GOVERNMENT) INDIA’S POSITION
Cross border data flows (WTO, Regional trade agreements, G20) Retaining control over data flows so that domestic companies can reap economic dividend and law enforcement authorities can have better access to data stored abroad. Coordination between MEA (G20) and Ministry of Commerce (representing India at WTO and regional trade agreements) Coordination between ministries and Reserve Bank of India in framing India’s domestic data localisation policies. Clearly defined domestic business interests looking to retain control over data flows for economic dividend. Large Indian players-Reliance, PhonePe, Paytm want data localisation countered by lobbying interests from western companies who want less restrictions. Clear stance arguing for ‘data sovereignty’ and a refusal to sign on to any initiative that champions data free flows. Softening of domestic localisation stances after foreign lobbying but no change in multilateral posturing although concessions at RCEP indicate willingness to negotiate based on practicality.

 

 

 

 


  1. I am grateful to Prof. Sudhir Krishnaswamy, Divij Joshi, and everyone involved with editing and reviewing this document. This paper has drawn on previous research I have authored or co-authored in the Economic and Political Weekly, Observer Research Foundation, Diplomat and Seminar. I would further like to thank Amb. Latha Reddy for responding to this paper at the workshop, and providing important insights. All errors remain my own.
  2. Kieron O’Hara and Wendy Hall, Four internets: Data, geopolitics and the governance of cyberspace (New York, Oxford University Press,2021).
  3. Neha Mishra, India: leading or thwarting data governance and digital trade (Hinrich Foundation, 10 October 2021), <https://www.hinrichfoundation.com/research/article/digital/india-leading-or-thwarting-data-governance-and-digital-trade/> accessed 10 January 2022.
  4. Karthik Nachiappan, Does India Negotiate? (Oxford University Press, 2019).
  5. McKinsey Global Institute (March 2016), Digital Globalization: The new era of global data flows <https://www.mckinsey.com/~/media/McKinsey/Business%20Functions/McKinsey%20Digital/Our%20Insights/Digital%20globalization%20The%20new%20era%20of%20global%20flows/MGI-Digital-globalization-Full-report.ashx> accessed 5 February 2020.
  6. World Economic Forum, Exploring international data flow governance (White Paper, December 2019) <http://www3.weforum.org/docs/WEF_Trade_Policy_Data_Flows_Report.pdf> accessed 5 February 2020.
  7. McKinsey Global Institute (January 2019), “Globalization in Transition: The Future of Trade and Value Chains”.
  8. For a detailed history of WTO’s engagement with e-commerce and digital trade see Nehaa Chaudhari, "India: E-commerce related discourse at the WTO: A brief history," (Mondaq, 29 June 2020) <https://www.mondaq.com/india/international-trade-investment/958702/e-commerce-related-discourse-at-the-wto-brief-history-and-subsequent-developments-> accessed 5 February 2020.
  9. WTO, 20 May 1998 “The Geneva Ministerial Declaration on Global Electronic Commerce,” <https://www.wto.org/english/tratop_e/ecom_e/mindec1_e.htm>.
  10. Susan Ariel Aaronson and Thomas Struett, “Data Is Divisive: A History of Public Communications on e-Commerce, 1998–2020,” Centre for International Governance Innovation Paper No. 247, 14 December 2020. <https://apo.org.au/> accessed January 10 2022.
  11. Nehaa Chaudhari (29 June 2020), "India: E-commerce related discourse at the WTO: A brief history," Mondaq. <https://www.mondaq.com/india/international-trade-investment/958702/e-commerce-related-discourse-at-the-wto-brief-history-and-subsequent-developments->accessed 5 February 2020.
  12. WTO (December 13, 2017), "Joint Statement on Electronic Commerce". <https://ustr.gov/sites/default/files/files/Press/Releases/Joint%20Statement%20on%20Electronic%20Commerce.pdf> accessed 5 February 2020.
  13. WTO Joint Statement on Electronic Commerce, WT/L/1056, January 25, 2019.
  14. Henry Gao, "Across the Great Wall: E-commerce Joint Statement Initiative Negotiation and China,"in Shin-yi peng, Ching Fu-Lin, and Thomas Streinz, Artificial Intelligence and International Economic Law (Cambridge University Press, 2021) 303. WTO Joint Statement on Electronic Commerce: Communication from Indonesia (INF/ECOM/47, 22 November, 2019). Yulya Aryani, Wina Andari and Suhindarto, Impact of Information Technology and E-Commerce on Indonesia's trade to ASEAN countries (ADBI Institute Working Paper Series No. 1254, April 2021), 13, <https://www.adb.org/sites/default/files/publication/697176/adbi-wp1254.pdf> accessed 10 January 2022.
  15. Asit Ranjan Mishra (22 October 2021), "India and South Africa question status of ongoing plurilateral initiatives at WTO," Livemint <https://www.livemint.com/news/india/india-questions-legal-status-of-ongoing-plurilateral-negotiations-at-wto-11634845206547.html> accessed 10 January 2022.
  16. Kirtika Suneja, (10 December 2020) "India and South Africa revive multilateral talks on ecommerce", The Economic Times. <https://economictimes.indiatimes.com/news/economy/policy/india-and-south-africa-revive-multilateral-talks-on-ecomm/articleshow/79650347.cms?from=mdr> accessed 10 January 2022.
  17. WTO (21 June, 2021), "E-commerce negotiations: Members share updates, discuss legal architecture of future outcome," Press release, <https://www.wto.org/english/news_e/news21_e/ecom_21jun21_e.htm>
  18. Geneva Internet Platform (1 July 2019), "The G20 Osaka Track raises controversy” <https://dig.watch/updates/g20-osaka-track-raises-controversy> accessed 5 February 2020.
  19. G20 Osaka summit Declaration (28 June 2019), “Osaka Declaration on Digital Economy” <http://www.g20.utoronto.ca/2019/osaka_declaration_on_digital_economy_e.pdf>.
  20. Geneva Internet Platform (1 July 2019), "The G20 Osaka Track raises controversy", <https://dig.watch/updates/g20-osaka-track-raises-controversy> accessed 5 February 2020.
  21. WTO Electronic Commerce Negotiations (December 2020), Consolidated Negotiating Text <https://www.bilaterals.org/IMG/pdf/wto_plurilateral_ecommerce_draft_consolidated_text.pdf> accessed 10 January 2022.
  22. Simon Lester (16 Feb, 2021), "Exception proposals in the WTO E-Commerce Negotiating Text: Part 2," International Economic Law and Policy Blog <https://ielp.worldtradelaw.net/2021/02/exceptions-proposal-in-wto-e-commerce-negotiating-text-part-2.html,accessed> 10 January 2022.
  23. Comprehensive and Progressive Agreement for Trans-Pacific Partnership (signed 8 March 2018 and entered into force 30 December 2018).
  24. Yeoh Lian Chuan, "Regulation of Cross Border Data Flow under trade agreements" (PDP Digest, 2019) 131, <https://www.sabaralaw.com.sg/content/dam/assets/sx/Documents/legal/sx-legal-sabaralaw-regulation-crossborder-data-flow-trade-agreement.pdf> accessed 5 February 2020.
  25. United States-Mexico-Canada trade Agreement (adopted 30 November 2020, entered into force 1 July 2020).
  26. Regional Comprehensive Economic Partnership
  27. Similarity is not surprising as some states are members of both Partick Lebland, "Digital trade: Is RCEP the WTO's future?" Centre for International Governance Innovation, 23 November 2020, <https://www.cigionline.org/articles/digital-trade-rcep-wtos-future/> accessed 10 January 2022.
  28. Arindrajit Basu, Elonnai Hickok and Aditya Chawla, “The Localisation Gambit” (Centre for Internet & Society,2019) 49-60 <https://cis-india.org/internet-governance/resources/the-localisation-gambit.pdf> accessed 10 January 2022.
  29. This means that data must be stored in physical servers located within the territory of that country.
  30. This means that any interpretation or analysis must take place within that country.
  31. “the United States opposes data localization and policies, which have been used to restrict digital trade flows and violate privacy and intellectual property protections.” Suhasini Haider (June 28,2019), "At G20, India stands with developing countries-not U.S., Japan-on 5G and data," The Hindu, <https://www.thehindu.com/news/national/on-5g-and-data-india-stands-with-developing-world-not-us-japan-at-g20/article28207169.ece> accessed 10 January 2022.
  32. ET Bureau (Nov 21,2018), "GDPR-loving EU says India's data localisation unnecessary," Economic Times <https://economictimes.indiatimes.com/tech/internet/gdpr-loving-eu-says-indias-data-localisation-unnecessary/articleshow/66725579.cms> accessed 5 February 2020.
  33. Aarshi Tirkey (21 August,2019), "India and multilateralism: United Nations and the World Trade Organisation," Observer Research Foundation, <https://www.orfonline.org/expert-speak/india-and-multilateralism-united-nations-and-the-world-trade-organisation-54604/> accessed 5 February 2020.
  34. Communication from India and South Africa, Work Programme on Electronic Commerce: The E-commerce Moratorium: Scope and Impact (10 March 2020), <https://docs.wto.org/dol2fe/Pages/FE_Search/FE_S_S009-DP.aspx?language=E&CatalogueIdList=264789%2C264692%2C263985%2C262610%2C262031%2C261632%2C261432%2C261434%2C259951%2C259601&CurrentCatalogueIdIndex=4&FullTextHash=&HasEnglishRecord=True&HasFrenchRecord=> accessed 5 February 2020.
  35. Subhyan Chakraborty (25 February, 2019), "India refuses to join e-commerce talks at WTO, says rules to hurt country," Business Standard, <https://www.business-standard.com/article/economy-policy/india-refuses-to-join-e-commerce-talks-at-wto-says-rules-to-hurt-country-119022500014_1.html> accessed 5 February 2020.
  36. Ibid
  37. The Legal Status of 'Joint Statement Initiatives' and other negotiated outcomes (Communication from India and South Africa, 18 Feb 2021). WT/GC/W/819, <https://docs.wto.org/dol2fe/Pages/SS/directdoc.aspx?filename=q:/WT/GC/W819.pdf&Open=True>.
  38. Ravi Kanth (30 June 2018), "India boycotts 'Osaka Track' at G20 Summit,' Livemint, <https://www.livemint.com/news/world/india-boycotts-osaka-track-at-g20-summit-1561897592466.html> accessed 5 February 2020.
  39. Aditi Agrawal (01 July 2019), "India and tech policy at the G20" Medianama. <https://www.medianama.com/2019/07/223-india-and-tech-policy-at-the-g20-summit/> accessed 10 January 2022.
  40. T.C.A. Sharad Raghavan (Oct 11 2019), "India rejects RCEP e-commerce chapter," The Hindu, <https://www.thehindu.com/business/india-rejects-rcep-e-commerce-chapter/article29659912.ece> accessed 10 January 2022.
  41. Joe C Mathew (21 October, 2019), “RCEP consultations to conclude, India seems to have relented on e-commerce rules," Business Today <https://www.businesstoday.in/current/economy-politics/rcep-meet-to-conclude-tomorrow-india-seems-to-have-relented-on-e-commerce-rules/story/385921.html> accessed 10 January 2022.
  42. Storage of Payment Systems Data.6 April 2018.RBI/2017-18/153 DPSS.CO.OD
  43. Arindrajit Basu and Justin Sherman (24 January 2020),"Key global takeaways from India's revised Personal Data Protection Bill," Lawfare, <https://www.lawfareblog.com/key-global-takeaways-indias-revised-personal-data-protection-bill> accessed January 10 2022.
  44. Remya Nair (20 July 2021), "What is data localisation & why Mastercard, Amex, Diners Club can't add more customers in India," The Print, <https://theprint.in/economy/what-is-data-localisation-why-mastercard-amex-diners-club-cant-add-more-customers-in-india/703790/> accessed 10 January 2022.
  45. Arindrajit Basu, Elonnai Hickok and Aditya Chawla, “The Localisation Gambit,” The Centre for Internet & Society, March 2019 <https://cis-india.org/internet-governance/resources/the-localisation-gambit.pdf>.
  46. Ministry of Electronics and Information Technology, "A free and fair digital economy Protecting Privacy Empowering Indians" (Committee of Experts under the Chairmanship of Justice B.N. Srikrishna, 2018) <https://www.meity.gov.in/writereaddata/files/Data_Protection_Committee_Report.pdf>.
  47. Ministry of Electronics and Information Technology, "A free and fair digital economy Protecting Privacy Empowering Indians" (Committee of Experts under the Chairmanship of Justice B.N. Srikrishna, 2018) <https://www.meity.gov.in/writereaddata/files/Data_Protection_Committee_Report.pdf>.
  48. Personal Data Protection Bill 2019. S. 40
  49. Ibid
  50. Lok Sabha, Report of the Joint Committee on the Personal Data Protection Bill, 2019 (New Delhi, Lok Sabha Secretariat, December 2021) Para 1.9.4 <http://164.100.47.193/lsscommittee/Joint%20Committee%20on%20the%20Personal%20Data%20Protection%20Bill,%202019/17_Joint_Committee_on_the_Personal_Data_Protection_Bill_2019_1.pdf> accessed 10 January 2022.
  51. Ibid, para 2.1.55
  52. Ibid, para 1.15.17.5
  53. David Malone. Does the Elephant Dance? Contemporary Indian Foreign Policy (New Delhi, Oxford University Press, 2011).
  54. Teresita C. Schaffer and Howard B. Schaffer. India at the Global High Table: The Quest for Regional Primacy and Strategic Autonomy. (Washington DC, Brookings Institution Press, 2016).
  55. Kate Sullivan. “Exceptionalism in Indian Diplomacy: The Origins of India's Moral Leadership Aspirations” (2014) 37, South Asia: Journal of South Asian Studies 4, 640–55.
  56. Amrita Narlikar. “Peculiar Chauvinism or Strategic Calculation? Explaining the Negotiating Strategy of a Rising India”, 82 International Affairs 1 (2006), 59-76.
  57. Karthik Nachiappan, Does India Negotiate (Oxford University Press, New Delhi 2019).
  58. Ibid 191
  59. Karthik Nachiappan, Does India Negotiate? (Oxford University Press, New Delhi 2019)
  60. For an assessment of how narratives around ‘poverty came to shape debates around trade at the WTO see Amrita Narlikar, Poverty Paradoxes in International Trade Negotiations and Beyond (Cambridge University Press, Cambridge, 2020).
  61. Rahul Matthan (1 January, 2019), "Colonialism 2.0-Truly”, Swarajya Magazine, <https://swarajyamag.com/magazine/colonialism-20-truly> accessed 10 January 2022.
  62. TNN (24 August,2019), "PM Modi won't compromise on data sovereignty," Times of India <https://timesofindia.indiatimes.com/business/india-business/pm-wont-compromise-on-data-sovereignty/articleshow/70812638.cms>.
  63. Surabhi Agarwal and Megha Mandavia (Nov 30,2020), " We've not leveraged advantage of being world's largest data market:Meenakshi Lekhi," Economic Times, <https://economictimes.indiatimes.com/tech/tech-bytes/weve-not-leveraged-advantage-of-being-worlds-largest-data-market-meenakshi-lekhi/articleshow/79483923.cms> accessed 5 February 2020.
  64. Draft E-commerce Policy (2019) <https://dipp.gov.in/sites/default/files/DraftNational_e-commerce_Policy_23February2019.pdf>
  65. Ministry of Finance, Data of the people,by the people, for the people (Economic Survey,2019)<https://www.indiabudget.gov.in/budget2019-20/economicsurvey/index.php>
  66. Ministry of Electronics and Information Technology,  Strategy for National Open Digital Ecosystem(Consultation White Paper,2020)<https://www.medianama.com/wp-content/uploads/mygov_1582193114515532211.pdf>
  67. Niti Aayog, Data Empowerment and Protection Architecture (Discussion Paper,August 2020) 4<https://www.niti.gov.in/sites/default/files/2020-09/DEPA-Book.pdf> accessed 10 January 2022
  68. Ministry of Electronics and Information Technology, A free and fair digittial economy Protecting Privacy Empowering Indians (Committee of Experts under the Chairmanship of Justice B.N. Srikrishna,2018)<https://www.meity.gov.in/writereaddata/files/Data_Protection_Committee_Report.pdf,81.>
  69. See Amber Sinha, Elonnai Hickok, Udbhav Tiwari, and Arindrajit Basu, “Cross Border Data-Sharing and India: A Study in Processes, Content and Capacity,” (The Centre for Internet & Society, February 2016) 22 <https://cis-india.org/internet-governance/files/mlat-report> accessed 5 February 2020.
  70. Madhulika Srikumar et al., “India-US Data Sharing for Law Enforcement: Blueprint for Reforms,” (Observer Research Foundation and Cross-Border Requests for Data Project, Georgia Tech Institute for Information Security & Privacy, January 17, 2019) 39 <https://www.orfonline.org/wp-content/uploads/2019/01/MLAT-Book-_v8_web-1.pdf> accessed 5 February 2020. Off the record comment revealed that time taken could be anywhere between six to eight months.
  71. <https://meity.gov.in/writereaddata/files/Data_Protection_Committee_Report-comp.pdf​>
  72. Ministry of Electronics & IT, "Government Blocks 118 Mobile Apps Which are Prejudicial to Sovereignty and Integrity of India, Defence of India, Security of State and Public Order," Press Release, Sep 02 2020 <https://pib.gov.in/PressReleasePage.aspx?PRID=1650669> accessed 5 February 2020.
  73. For a detailed exploration of the concerns with India’s present government surveillance regime see Rishab Bailey, Vrinda Bhandari, Smriti Parsheera, Faiza Rahman, "Use of Personal data by intelligence and law enforcement agencies," (National Institute for Public Finance and Policy, August 2018) <https://macrofinance.nipfp.org.in/PDF/BBPR2018-Use-of-personal-data.pdf> accessed 10 January 2022.
  74. Stephen Mcdowell, Globalization, Liberalisation and Policy Change: A Political Economy of India’s communication sector (London, Macmillan, 1997) 126.
  75. Adapted from  Arindrajit Basu, Elonnai Hickok and Aditya Chawla, “ The Localisation Gambit” (Centre for Internet&Society,2019)49-60<https://cis-india.org/internet-governance/resources/the-localisation-gambit.pdf> accessed 10 January 2022Many of these norms contain exceptions outlined in the text of the policy.
  76. Arindrajit Basu (10 January 2020), "The retreat of the data localization brigade: India, Indonesia, and Vietnam," The Diplomat, <https://thediplomat.com/2020/01/the-retreat-of-the-data-localization-brigade-india-indonesia-and-vietnam/> accessed 10 January 2022.
  77. Amber Sinha & Arindrajit Basu (27 December 2019), "The politics of India's data protection ecosystem," EPW Engage.
  78. Bhumika Katri (19 January 2019), "Mukesh Ambani urges PM Modi to take action for data localisation," Inc42 <https://inc42.com/buzz/mukesh-ambani-urges-pm-modi-to-take-action-for-data-localisation/> accessed 10 January 2022.
  79. PhonePe (September 11, 2018), “Data Localization — Why this Kolaveri Di?”, Phone Pe, <https://blog.phonepe.com/data-localization-why-this-kolaveri-di-6d5680e3f012> accessed 5 February 2020.
  80. P. Bhakta (September 20 2018), “India's data localisation policy will benefit the startup ecosystem: Paytm”, The Economic Times <https://tech.economictimes.indiatimes.com/news/internet/indias-data-localisation-policy-will-benefit-the-startup-ecosystem-paytm/65881255> accessed 5 February 2020.
  81. Mukesh Ambani has stated "In this new world, data is the new oil. And data is the new wealth. India's data must be controlled and owned by Indian people and not by corporates, especially global corporations."
  82. Martina F.Ferrecane, "The costs of data protectionism" in Mira Burri, “Global trade law and policy in the age of big data” (Cambridge, Cambridge University Press, 2021) 63-82.
  83. India Today Tech (13 September2019), "Exclusive: Data localisation will affect growth of Indian IT companies, says Facebook," India Today, <https://www.indiatoday.in/technology/story/data-localisation-will-affect-growth-of-indian-it-companies-says-facebook-1598923-2019-09-13> accessed 5 February 2020.
  84. Nimish Sawant, " Sundar Pichai's letter to RS Prasad hints why data localisation isn't feasible," (First Post, 10 September,2018)<https://www.firstpost.com/tech/news-analysis/sundar-pichais-letter-to-rs-prasad-hints-why-data-localisation-isnt-feasible-5151061.html>accessed 5 February 2020
  85. Submission to Meity available at: <https://www.medianama.com/wp-content/uploads/USISPF-Submission-India-Draft-Data-Protection-Bill-Privacy-2018.pdf> accessed 5 February 2020.
  86. Reuters (20 August, 2018), "US tech giants plan to fight India's data localisation plans," Hindu Business Line, <https://www.thehindubusinessline.com/info-tech/us-tech-giants-plan-to-fight-indias-data-localisation-plans/article24735579.ece> accessed 5 February 2020.
  87. IANS (18 Oct 2019), "Are data localisation norms in sync with India's Cloud vision?” Outlook, <https://economictimes.indiatimes.com/news/economy/policy/are-data-localisation-norms-in-sync-with-indias-cloud-vision/articleshow/71644721.cms> accessed 5 February 2020.
  88. Prashant Reddy T and Sumathi Chandrasekharan, Create, Copy, Disrupt: India’s Intellelctual Property Dilemmas (Oxford University Press, New Delhi, 2017) 39.
  89. Trisha Jalan (27 August, 2020), "Alibaba pauses India investments on hold for at least 6 months: Report," Medianama, <https://www.medianama.com/2020/08/223-alibaba-india-investments-paused/> accessed 5 February 2020 (In the aftermath of the ban on Chinese apps and restrictions on Chinese investments, Alibaba has halted investments in India for six months).
  90. Mughda Variyar (September 20, 2018), "Alibaba backs data localisation in India," Economic Times, <https://economictimes.indiatimes.com/small-biz/startups/newsbuzz/alibaba-backs-data-localisation-in-india/articleshow/65869841.cms> accessed 5 February 2020.
  91. <https://dipp.gov.in/sites/default/files/pn3_2020.pdf>
  92. Ryan McMorrow and Stephanie Findlay (26 November, 2020), "Chinese tech companies write off India," Financial Times, <https://www.ft.com/content/eccb0eab-c99a-471a-b49b-dd380a1f6244> accessed 10 January 2022.
  93. Romit Guha (22 April, 2020), "Reliance Jio Says no preferential access to Facebook, Whatsapp," Economic Times, <https://economictimes.indiatimes.com/opinion/interviews/reliance-jio-says-no-preferential-access-to-facebook-whatsapp/articleshow/75305116.cms?from=mdr> accessed 5 February 2020.
  94. Arindrajit Basu & Amber Sinha (29 April, 2020), "The realpolitik of the Reliance Jio-Facebook deal," The Diplomat, <https://thediplomat.com/2020/04/the-realpolitik-of-the-reliance-jio-facebook-deal/> accessed 5 February 2020.
  95. Arun Anand (22 November 2020), "Swadeshi Jagran Manch-how RSS-inspired body went from 'pariah' to key policy guide in 29 years," The Print, <https://theprint.in/india/swadeshi-jagran-manch-how-rss-inspired-body-went-from-pariah-to-key-policy-guide-in-29-yrs/549499/> accessed 10 January 2022.
  96. ANI (October,2019), "Data localisation, digital nationalism need of the hour: RSS affiliate writes to PM Modi," ANI, <https://www.indiatoday.in/india/story/data-localisation-digital-nationalism-need-of-the-hour-rss-affiliate-swadeshi-jagran-manch-sjm-writes-pm-modi-1626497-2019-12-09> accessed 5 February 2020.
  97. Trisha Jalan (9 December, 2019), "Data localisation, digital nationalism need of the hour, says Swadeshi Jagran Manch to PM: Reports",  Medianama, <https://www.medianama.com/2019/12/223-data-localisation-digital-nationalism-swadeshi-jagran-manch/> accessed 5 February 2020.
  98. Arun Anand (22 November 2020), "Swadeshi Jagran Manch-how RSS-inspired body went from 'pariah' to key policy guide in 29 years," The Print, <https://theprint.in/india/swadeshi-jagran-manch-how-rss-inspired-body-went-from-pariah-to-key-policy-guide-in-29-yrs/549499/> accessed 10 January 2022.
  99. Access Now (September 2018), Assessing India’s Proposed Data Protection Framework: What The Srikrishna Committee Could Learn From Europe’s Experience (Access Now,2018) <https://www.accessnow.org/cms/assets/uploads/2018/09/Assessing-India%E2%80%99s-proposed-data-protection-framework-final.pdf>.
  100. Internet Freedom Foundation (2019), "#DataProtectionTop10: Data Localisation - A Threat to the free and open internet" Internet Freedom Foundation, <https://internetfreedom.in/dataprotectionttop10-data-localisation-a-threat-to-free-and-open-internet/>.
  101. Rishab Bailey et al (1 August 2018), “Use of personal data by intelligence and law enforcement agencies," Data Governance Network, <https://www.datagovernance.org/files/research/BBPR2018-Use-of-personal-data.pdf>  accessed 5 February 2020.
  102. Shashidhar KJ and Kashish Parpiani, "Easing the US-India divergence on data localisation," Observer Research Foundation, 22 July 2019 <https://www.orfonline.org/expert-speak/easing-us-india-divergence-data-localisation-53256/> accessed 5 February 2020.
  103. Venkat Ananth and Dinesh Narayanan, "Vidhi: Inside India's most influential legal think tank," Economic Times, <https://economictimes.indiatimes.com/prime/economy-and-policy/vidhi-inside-indias-most-influential-legal-think-tank/primearticleshow/77749948.cms> accessed 5 February 2020.
  104. Madhulika Srikumar and Bedavyasa Mohanty (03 August 2018), "Data localisation is not enough" The Hindu, https://www.thehindu.com/opinion/op-ed/data-localisation-is-not-enough/article24584698.ece> accessed 10 January 2022.
  105. Will Oremus (14 August, 2020), “The man who rallied India against Facebook worries digital nationalism has gone too far" One Zero, <https://onezero.medium.com/the-man-who-rallied-india-against-facebook-worries-digital-nationalism-has-gone-too-far-b19522f98585> accessed 10 January 2022.
  106. Rishab Bailey and Smriti Parsheera, "Data Localisation in India: Questioning the means and ends" (National Institute for Public Finance and Policy, 2018) <https://macrofinance.nipfp.org.in/PDF/BP2018_Data-localisation-in-India.pdf> accessed 10 January 2022.
  107. Anja Kovacs and Nayantara Ranganathan (Novemeber 2019), "Data sovereignty, of whom? Limits and suitability of sovereignty frameworks for data in India,” Data Governance Network Working Paper 03, <https://datagovernance.org/files/research/IDP_-_Data_sovereignty_-_Paper_3.pdf>
  108. Nikhil Pahwa (9 May 2019), “US Trade Secretary Wilbur Ross highlights data localisation, high tariffs on electronics, telecom products in India as trade issues," Medianama, <https://www.medianama.com/2019/05/223-us-trade-secretary-wilbur-ross-highlights-data-localisation-high-tariffs-on-electronics-telecom-products-in-india-as-trade-issues/> accessed 5 February 2020.
  109. Web Desk ( 20 June, 2019), "US mulling caps on H-1B visas to deter data localisation rules: Report", The Week, <https://www.theweek.in/news/biz-tech/2019/06/20/us-mulling-caps-h1b-visas-to-deter-data-localisation-rules-report.html> accessed 5 February 2020.
  110. Aileen Kwa and Peter Lunenborg (September 2018), "US' Section 301 Actions: Why they are illegitimate and misguided" South Centre Research Paper <https://www.southcentre.int/wp-content/uploads/2018/09/RP86_US-Section-301-Actions-Why-They-are-Illegitimate-and-Misguided_EN.pdf> accessed 10 January 2022.
  111. Prashant Reddy T and Sumathi Chandrasekharan, Create, Copy, Disrupt: India’s Intellelctual Property Dilemmas (Oxford University Press,New Delhi, 2017) 39.
  112. United States Trade Representative, 2019 National Trade Estimate Report on Foreign Trade Barriers (2019) 253, <https://ustr.gov/sites/default/files/2019_National_Trade_Estimate_Report.pdf> accessed 10 January 2022.
  113. United States Trade Representative, 2020 National Trade Estimate Report on Foreign Trade Barriers (2020) 255, <https://ustr.gov/sites/default/files/2020_National_Trade_Estimate_Report.pdf> accessed 10 January 2022.
  114. United States Trade Representative, 2020 National Trade Estimate Report on Foreign Trade Barriers (2021) 266, <https://ustr.gov/sites/default/files/files/reports/2021/2021NTE.pdf> accessed 10 January 2022.
  115. Prashant Reddy T and Sumathi Chandrasekharan, Create, Copy, Disrupt: India’s Intellectual Property Dilemmas (Oxford University Press,New Delhi,2017) 39.
  116. Jeff M. Smith (13 August, 2020), “Democracy’s Squad: India’s Change of Heart and the Future of the Quad”, War on the Rocks, <https://warontherocks.com/2020/08/democracys-squad-indias-change-of-heart-and-the-future-of-the-quad/> accessed 10 January 2022.
  117. Arindrajit Basu and Justin Sherman (6 August, 2020), "Two new democratic coalitions on 5G and AI Technologies," Lawfare, <https://www.lawfareblog.com/two-new-democratic-coalitions-5g-and-ai-technologies> accessed 10 January 2022.

About the Author

Research Lead at Centre for Internet and Society.

License

The Philosophy and Law of Information Regulation in India Copyright © 2022 by Arindrajit Basu. All Rights Reserved.

Share This Book