With a burgeoning penetration of the internet – some estimate e-commerce to soon go past 38 b $, data is the new currency of wealth and power. Its consumption will also account for more than 50% of telco revenues.

Against this backdrop, the mandate that all payment system providers should store their entire data relating to payment systems operated by them, only in India, had stoked substantial debate. The official argument in favor of such a fiat was that Indians could not be allowed to be blackmailed by foreign companies with control over their transactional data. However, data relating to the foreign leg of the transactions were allowed to be stored abroad as well.

Subsequently, there have been advocates who have gone as far as to exhort a digital Dandi – maintaining that data localization was central to ensuring the sanctity of the Indian Constitution and safeguarding of our critical assets. Even the doyen of Indian business Mukesh Ambani has equated data with oil and has urged the Government to help end data colonization.

The Justice BN Srikrishna Committee of experts that was set up to examine this subject worked on the premise that it was the duty of the State to protect data privacy since the right to privacy was a fundamental right. Thus the State was expected to put in place a framework which while protecting the citizen from informational intrusion served the common good, bearing in mind that data had the potential to both empower and harm.

The Data Protection Bill is a comprehensive personal data processing regulation. It recommends that for all data only a copy should be stored in India, but all sensitive personal data should necessarily be stored locally in India. While the advantage afforded to Indian data infrastructure companies is welcome, when we live in an era where data hacking has become the order of the day (recall the Facebook incident wherein the accounts of 87 million users were hacked, out of which perhaps 5 million were Indians) how can we be certain that data stored in India cannot be hacked? That the Indian State or a big data company will not become predatory?

What is more important is to ensure that data should be accessible no matter where it is stored. For this protocols and partnerships should be devised and established to enable data access anywhere, anytime. This will help e-commerce grow and allow it to be competitive in terms of pricing. A day may just come when an Indian company like PayTM may become global and establish its business in a hundred different countries. If all countries become insular and insist on data localization, would we be happy to have our multinational forced to have a hundred different-country server farms?

We also have to question if this will impact foreign direct inflows or be deemed a restrictive trade practice. Further, clarifications are needed: what is a foreign leg of the transaction? Does it include transactions done by foreigners in India or Indians when abroad? The US and most developed countries have a large laissez-faire approach to this matter.

The difference will lie in being able to keep critical data, protect it, be able to effectively analyze it, and make it promptly actionable. Those are the areas we should be astutely strategizing on.