This has often been discussed, in the wake of the extensive debates around data privacy and how companies safeguard user data. There have also been extensive discussions on the potential policy ramifications of the Draft Data Protection Bill 2018, introduced last year. But when the richest Indian and Reliance Industries Chairman Mukesh Ambani says it, everyone has to sit up to take note. Last week, at the Vibrant Gujarat Summit, Ambani urged Prime Minister Narendra Modi and the Government of India to end what he calls “data colonisation" by global corporations and believes that Indians should own and control their own data online.
“Data is the new oil. And data is the new wealth. India’s data must be controlled and owned by Indian people - and not by corporates, especially global corporations," said Ambani. Perhaps Mr. Ambani took the oil analogy from The Economist, which in May last year had written, “Data are to this century what oil was to the last one: a driver of growth and change. Flows of data have created new infrastructure, new businesses, new monopolies, new politics and—crucially—new economics.” But the crux of the matter is—data is the new economy, and we need to be careful to not fall behind.
But what exactly is data colonization?
The dictionary definition of colonization reads something on the lines of “the action or process of settling among and establishing control over the indigenous people of an area” and this includes “the action of appropriating a place or domain for one's own use.” In the context of the world wide web, this relates to all the data that users generate, which in this case is the specific reference to the user data generated in India. At the moment, most apps, web services and pretty much most of the online traffic is stored on servers outside of India.
Let us take the example of Facebook. The most popular social network in the world, despite all the controversies, gets a large chunk of its massive user base from India. As per research firm Statista, Facebook had as many as 294 million users in India—the most it has from any country, by far. The US is second with 204 million and Indonesia is third with 134 million. All this data which Facebook has, is stored on servers in the US and outside India. It has our usage data, browsing behaviour, a sketch of our habits, preference data, facial recognition tools and more—all collected on a daily, hourly and per minute basis.
Saving us from ourselves?
It is not just Facebook. Amazon, Google, Uber, Apple, Microsoft, to name a few, are some of the top technology companies that we rely the most on. And these are also the companies that rely the most on artificial intelligence (AI) to make sense of the data that we send them, knowingly or unknowingly. No wonder then that Facebook, despite an active user base of 2.27 billion monthly active users according to data by digital research firm Zephoria, can still do facial recognition of you and your friends, with almost cent percent accuracy. Uber, on its part, now has so much driving data that it can now pretty accurately predict where you want to go. The same is true for all smart assistants, including Google Assistant, Apple Siri and Amazon’s Alexa—the more you use them, which in other words is data, the better they get over time. The more you shop on Amazon, the more Amazon knows about your preferences. Basically, any app that we use, sends out some data or the other, about us. These are just some illustrations of what data there is, what we generate, and how it is useful for the companies collecting that.
Do we need a new law?
It is not as if the government is struggling for answers to this exact conundrum. It already has many tricks up its sleeve. It could just be about implementation.
The Draft Data Protection Bill 2018, submitted by the Justice Srikrishna committee to the Ministry of Electronics and Information Technology (MEITY) in July last year, tackles the issue of data logging and storage by companies, particularly those based abroad. The recommendations suggest that data localization for personal data is mandatory, and every data fiduciary shall have to keep a copy of the data they collect on a server or data center located in India. This is applicable even if the data fiduciary is keeping another copy of the data set on a server located outside India. The data fiduciary in this case, would be the companies that we interact with—such as Google, Facebook, Amazon etc.
In December, the Department of Industrial Policy Promotion (DIPP) of the Ministry of Commerce and Industry rolled out the final guidelines for the functioning of ecommerce websites and marketplaces in India. The new Foreign Direct Investment (FDI) policy for ecommerce, which gets implemented next month, has tighter rules about exclusive sales, particularly from foreign companies.
It has also been reported that the government is considering a draft data security law that will require the data centers of even ecommerce companies to be physically located within India, apart from saving a copy of that data within the geographical boundaries of India.
The reality is, data is priceless. And companies have more than enough of that data about each of us. Every single time we open and use an app, or log in on a website or even buy something from an online store, it us all creating data. It may not matter much to you and I, but all that data makes sense to those who are capturing it. Do you really want them to know more than they already do? That is something to ponder on.