India must establish a comprehensive regime that includes ownership and control to counter threats of global surveillance, mainly from the US and China – Opinion News

By K Yatish Rajawat & Dev Chandrasekhar

As India strides towards becoming a digitally empowered society, the notion of data sovereignty becomes not just relevant, but also pivotal. We have so far conceptualised “digital” through infrastructure owned and operated by foreign entities. In light of global surveillance practices being pursued by countries where such infrastructure are created and monitored, it becomes imperative to question the constructs of data ownership, protection frameworks, and control over data infrastructure. We must establish a comprehensive regime that includes ownership and control to counter the threats of global surveillance, mainly from the US and China.

In April 2023, US President Joe Biden signed the Reforming Intelligence and Securing America Act, renewing Section 702 of the Foreign Intelligence Surveillance Act (FISA). The legislation authorises US firms to transfer foreign users’ communication data to the American government without a warrant for national security purposes. This affects data on popular cloud platforms like AWS, Google Cloud, and Microsoft Azure — widely used by Indian businesses, individuals, and even government entities. As a result, foreign users including from India face the risk of their data being accessed by the US government without their consent or knowledge.

Vodafone, Airtel take up AGR issue with telecom minister; brokerages say Vodafone’s growth plans on track

Karnataka CM launches ‘game-changer’ KWIN City – What is it and can it solve traffic woes of Bengaluru?

Ahead of PM’s US visit, diplomats laud India’s role in Global South, pitch for UNSC reforms 

Rashtriya Poshan Maah 2024: Here is what ITC is doing to contribute to healthier future for India

This underscores the urgency for a country like India to overhaul data governance. Given India’s population and the rapid expansion of its digital infrastructure, it is a repository of massive quantities of data. Establishing data sovereignty is vital for safeguarding privacy, as well as bolstering economic and national security.

Data sovereignty means that a country’s data should be subject to its own laws and stored within its territorial boundaries. This concept is not only about adhering to legal norms; it represents a strategic necessity as India seeks to assert itself as a technology frontrunner. Crucially, it also acts as a bulwark to protect India’s democratic principles in an increasingly connected world.

A robust data sovereignty framework can protect Indian citizens from data breaches and secure sensitive government and military operations. But sovereignty should not be conflated with mere data localisation. Simply storing data within national borders, without establishing stringent protection measures or clear ownership rights, is insufficient for guarding against external surveillance threats or domestic misuse.

India can take cues from global frameworks like the European Union’s General Data Protection Regulation which grants citizens significant control over their data and imposes strict regulations on companies over data access and management. It prioritises safe data handling, privacy, and algorithmic transparency, creating a foundation for digital independence while fostering innovation.

Another relevant model is the UK-US Data Access Agreement which addresses concerns of surveillance under FISA’s Section 702. The bilateral agreement, effective since October 2022, doesn’t eliminate the risks of mass surveillance but provides a framework for balancing law enforcement with privacy concerns. It emphasises judicial oversight, data minimisation, and human rights safeguards, prohibiting bulk data collection. However, this approach alone is not enough for India, given the scale of its digital landscape and the complexity of its data needs.
India should consider establishing similar bilateral or multilateral agreements with other nations, such as those of the BRICS group. But for such agreements to succeed, they must be aligned with India’s data protection laws. For instance, future Indian data protection laws should establish individual ownership of data, ensuring that citizens, not corporations or governments, hold primary rights over their personal data.

India’s vision for true digital sovereignty requires more than regulatory steps; it demands investments in domestic infrastructure. India must develop its own data centres, cloud storage, and processing facilities. A domestically controlled digital infrastructure would also open doors to economic opportunities in high-value, tech-driven industries.

India also needs to control the physical pipelines through which data flows, especially undersea cables. These cables carry nearly 99% of global internet traffic, yet they are mainly owned by the US-dominated G7 group. China has been aggressively expanding its stake in this space. Allegations of espionage involving Chinese ships repairing undersea cables underscore the geopolitical risks. To mitigate such dangers, India must urgently invest in its own undersea internet infrastructure. India can then safeguard its national security while ensuring resilient and uninterrupted global communication.

India’s path to digital sovereignty must be multifaceted. Besides building infrastructure, it is important to nurture domestic digital platforms and ecosystems that can compete with global tech giants. This will contribute to economic growth, job creation, and innovation too.

India may also consider adopting industry-specific data localisation measures. This would mean applying stricter controls on highly sensitive data, such as financial or health records, while allowing more flexibility on less sensitive information. Such stratified policies could maintain sovereignty without stifling global commerce and collaboration. Moreover, equipping Indian citizens with knowledge about data vulnerabilities will empower them to make informed decisions. Transparency and accountability must be the cornerstones of India’s data policies. Judicial oversight should be mandated for surveillance, ensuring that the right to privacy is protected and citizens are informed when their data is accessed.

The authors are respectively the founder and researcher at the Centre for Innovation in Public Policy.

Disclaimer: Views expressed are personal and do not reflect the official position or policy of FinancialExpress.com. Reproducing this content without permission is prohibited.

_{Images are for reference only.Images and contents gathered automatic from google or 3rd party sources.All rights on the images and contents are with their legal original owners.}