Indian data laws have an uncanny resemblance to Russia’s 'new' internet and China’s 'Great Firewall'

• India’s draft of the Personal Data Protection Bill 2019 allows the government to have unfettered access to citizen data in the name of ‘national security’.
  
• Russia’s successful test of its own internet enforces a similar ‘sovereign internet’ law allowing for content to be blocked in an ‘emergency situation’.
  
• India is already following in China’s footsteps with data localisation.
  

Many Asian countries are moving to limit the many unlimited freedoms that Internet offers. The latest to join the list is Russia which just completed the first successful test of its own internet. And China already has the Great Firewall.

India, on the other hand, is best known for shutting down the internet all together in any situation it deems to be a ‘public emergency’.

India, which already has the dubious distinction of being called the ‘internet shutdown capital of the world’, is looking to introduce stringent laws. A new draft of the Personal Data Protection Bill speaks of more restrictions and surveillance.

While the government claims that the goal of the bill is to emulate Europe’s General Data Protection Regulation (GDPR), one key different puts it more along the footsteps of China and Russia’s data laws — the fact that the government can have unfettered access to citizen data for ‘national security’.


The first steps towards mass surveillance

A day before Christmas, the Russian’s Ministry of Communications announced that the country has successfully unplugged the internet according to a BBC report. It marks the implementation of Russia’s ‘sovereign internet’ law, which allows the government to block content in an ‘emergency situation’.

Experts’ main critique of the law is that it’s the first step towards dismantling the internet. The definition of an ‘emergency situation’ is vague but the government insists that the main purpose is to prevent cyberattacks.

Critics in India find similar faults with the Personal Data Protection Bill. Though the government won’t have the power to remove online content, it will be able to track and monitor accounts that it deems to be a ‘threat’ — essentially creating a backdoor that can be opened at any time without having to lift a finger.

Another way to think about it that the new data privacy laws will apply to everyone, except for the government.

The trend of data protection through localisation

India is already following in China’s footsteps with its data localisation laws, according to a report by the Eurasia Group and Vontobel. They say it’s partly a way to protect domestic technology companies from foreign competition.

And while that may be true, multiple studies show that India companies don’t have the adequate cybersecurity infrastructure in place to protect against data theft. Forcepoint finds that 69% of Indian organisations are at risk of being breached and nearly half of them have encountered a data breach in the past.


The level of a vulnerability is worryingly high when one takes into considering that the country has already made data localisation mandatory for financial transactions of its citizens.

As experts point out, data localisation may keep the data from foreign firms — but it also creates a single point of attack. It won’t be cheap either. According to a report by ICRIER and IAMAI, the restrictions would hamper cross-border data flows costing India up to $43 billion in trade.

The lingering question

The Personal Data Protection Bill 2019 is still under discussion leaving the possibility open for the proposed laws to be changed before they’re official.

"Effective data privacy and personal information protection are critical pillars for driving consumer trust in the rapidly growing digital economy," said the country manager for BSA India, Venkatesh Krishnamoorthy.

And he rightly points out, maintaining trust is critical as cybersecurity threats are only set to increase in 2020 as technology continues to evolve and legislation struggles to keep up.

The combination of data localisation and tracking of users online activity makes a for a dangerous mixture that could have India becoming the next country to splinter the internet along with China, Iran, Russia and Saudi Arabia.

See also:
India's new data protection law is in the works and companies will only have to pay $2 million for violations

Groups of foreign companies are lobbying against India's Personal Data Protection Bill

Data localisation won't help 'local' firms or improve privacy — but it could cost India $43 billion