Inc42 28 Nov 2019

Govt Intensifies Demand For Data Localisation After WhatsApp Privacy Breach 

by Aman Rawat

Data localisation will help the government to get legal access to all kinds of data

Large companies have been criticising the proposed data localisation norms

Data localisation norms have also attracted concerns related to privacy

Citing WhatsApp Pegasus snooping controversy, the Indian government is now planning to push its plan to mandate digital companies to store data of Indian users in the country.

According to an HT report, officials close to the matter said that the government believes that if WhatsApp’s data is stored in the country, it would have helped the authorities to carry out their own investigation related to Pegasus snooping case.

Notably, the provision which mandates the localisation of data of Indian users is a part of the Personal Data Protection Bill, which is expected to be introduced in the winter session of the Indian Parliament. At present, the draft personal data protection law proposes that companies store all ‘critical’ data within India.

Further, a government official close to the matter told HT that WhatsApp had informed the government about some kind of vulnerability in its application in May 2019 and then later in Septemeber.

At that time, the government was unable to take any action or start an investigation. “This is a serious issue of national security, and hence, requires necessary measures, including data localisation,” the official was reported as saying.

Moreover, another government official said that when WhatsApp decided to reach to individuals who were affected by the malware, Indian authorities were not kept in the loop.

The media report added that data localisation will help the government to get legal access to all kinds of data, including encrypted data, in cases of breaches similar to the WhatsApp-Pegasus incident.

However, large companies such as Amazon and Facebook, through prominent trade bodies such as the Internet and Mobile Association of India (IAMAI), are criticising the proposed norms. For these companies, complying with such a norm will increase their operational costs, licencing issues, among others.

Besides hurting the sentiment of these large companies, data localisation has also attracted controversies from individuals and experts about privacy concerns.

On the privacy concerns related to data localisation issues, the media report further quoted Nayantara Ranganathan, programme manager at the Internet Democracy Project, who stated that data localisation would heighten and consolidate the access to data by the government for surveillance.

This is not the first time when the government has reiterated its demand for data-localisation. Earlier last month, the government has also proposed to locate computing facilities inside the country for security and protect national interests.

Originally published in Inc42.