This is the 2nd data localisation law in past one year. The last one was for finance related data. And this one seems to be for eCommerce related data. So, I am confused on how do Google/Facebook figure in that discussion?
One of things I have noticed is that in India there is an increasing awareness about data. Indian government, like most of other government, is now getting over zealous with their data requests. But, if the data is not locally stored having companies comply is proving difficult. So, having companies store data locally is becoming increasingly necessary.
On the other hand, companies are stepping up their data collection measures. 7 out of 10 places ask for mobile numbers so that they can give you "free offers". Lot of mobile wallet companies give you "cash-back" in exchange for collecting data about your habits.
Indian government and legal system isn't transparent enough in most of its dealings, so I wouldn't term these measures as entirely positive, and it may be driven by shady 'national security' concerns than any real concern about privacy.
Before some of you take out your pitchforks against India's "socialist / commies" out to screw western companies, please read this:
> An investigation by the Reserve Bank of India (RBI) has revealed that Microsoft has been passing user data that it gathers from Indian banks that are Office 365 customers to various U.S. intelligence agencies, upon demand ... Microsoft is bound to share customers’ data under US Foreign Intelligence Surveillance Act (FISA) and US national security letters as and when required by the US authorities.”
> ... In the Office 365 contract, the banks agreed to share such data only if it was sanctioned by the Government of India or an Indian court. The contract also made provisions for gag orders issued by the U.S. agencies, where Microsoft wouldn't be allowed to outwardly acknowledge the disclosure of the user data ...
>this highlights one of the obvious dangers of using a "cloud service"
This is more a basic result of just not having control of the server side stack. No amount of regulation is going to fix that. You have any number of laws, which can be undermined with a change of a bool by the vendor, and you can't do anything about it. If a government needs basic infrastructure like email, just do it in house. It isn't that hard.
> This is more a basic result of just not having control of the server side stack.
That's software-as-a-service in a nutshell for you. Even if you opt to setup your own server, and develop a custom solution, the US government has the right to ask you to install black boxes on your network and or data centers (read about Lavabit shutting down because of this), if you are on US soil (or operating from the US?).
>if you are on US soil (or operating from the US?)
Exactly. Email and nextcloud exist. With a government or a bank's budget, it's not that hard to set these things up locally (i.e., within your jurisdiction). Look at France and Matrix for example. If someone tries to subvert your security measures, that can be taken up as a criminal offence. At least you are not relying on legalese and other agreements to safeguard your interests.
Protected, yes, enforceable, not really. You are talking about a reactive stance where regulation will protect black box systems that you have no control over. That's just not possible. You can, and should, have regulation to protect the weaker classes, but hoping that it is really enough is naive. The whole point of open and federated protocols like email is to avoid lock-in. So if a large government or a bank cannot host email, that's a deficiency that they should remedy first.
Then you aren't aware about India. The Government of India aggressively even revised a law, to get 2+ billion dollars of tax from Vodafone, after Vodafone won the case for not paying it in the Supreme Court of India. [Source: https://thewire.in/business/vodafone-versus-india-bit-intern... ].
Second, while your fears on abuse is valid, but this is how international laws slowly come into being. Each country makes their own laws and when they conflict with each other, they sit, talk and evolve mutually beneficial laws. (Or they fight wars and the winner enforces their laws).
Note that while these laws may seem protectionist, it's goal is to provide even foreign players a legal framework to do business in India.
There might be deeper trade concerns underlying the change in Delhi's stance, I do not think bureaucrats in the Indian government ever really created about privacy - its a convenient Casus Belli.
India mostly allowed free access to US tech companies for a while.
In exchange tech companies created a lot of middle class jobs in many indian cities.
But more importantly there seemed to an unwritten trade deal involving immigration.
Ever since Trump made his hardline immigration stance actionable, Indian consulting companies have taken a beating.
India's main dollar income source has been Indian working abroad.
It was an win win for US multi nationals, they got access to a large and growing market and also had access to cheap skilled labour.
It was also an win win for the upper middle class ( who really control the conversations ) in india, since they got access to US technology, better paid domestic software jobs and send their kids to the US.
In my own reading on India. They will crush any foreign company that tries to gain a monopoly market share - they did it with middle eastern telecom operators, and they will do it with US tech companies when its convenient. They rather their own billionaires have the monopoly.
There is nothing anybody else can do about it, since they have the numbers. So its really risky to invest large amount of capital in India, even if the average Indian is really thirty for capital and investment.
But I have noticed the average capitalist falls for India's trap time and again. I think it has to do with returns, if India was offering 20% RoR and companies were getting 2% RoR then as a CEO / manager I had to change my asset allocation regardless of future political risks involved.
The Brits used to (and still do) capture indian mindshare and had them as their largest customer base - it didn't turn out well for indian national interest though.
Are you saying Indians chose to be "customers" of the British? I've heard a lot of interesting characterizations of the colonization and subsequent exploitation that was the bedrock of British India, but this one's new.
> Are you saying Indians chose to be "customers" of the British?
No.
India has a large domestic demand but it would be awful to allow non rupee denominated assets to supply that demand.
Imagine tomorrow India got rid of its strong tariff regime.
India's inflation is under control through making it punitive to buy foreign goods which India has a strong demand for.
The idea ever since Gandhi is to use domestic capabilities to provide services India demands. Domestic tariffs are also a form of coercion - but in this case it serves India's national interest.
With the Brits the main source of oppression was through preferential trade that tilted everything in their favour - either through hard power of soft ( like they still do today ).
You make some good points but alas many bad ones. The most glaring one is your hypothesis about Immigration: this has nothing to do with Trump whatsoever. Even if HRC was president and liberalized the immigration system, this would still happen. You haven't been following events in India closely enough; there are genuine concerns with services that most Indians use being owned/regulated by a non-Indian company, thus leading to a lack of the desired controls.
You can argue that it might be a bad idea to do that. However, as a Sovereign Nation, they do reserve the right to do whatever they want in their country.
How would data localization apply across specific parts of a data graph without pulling in the entire graph?