The government has told Amazon to “urgently” begin work towards setting up local servers and check unbridled cross-border migration of data without consent of users. This is as per a report by the Economic Times.
The process, when completed, will force the company to retain vast amounts of user data — generated by millions of subscribers to its platform — within the country, which will increase operational costs. It may also impact the ability of the company to engage in hardcore analytics and mine user information effectively.
IT and communication minister Ravi Shankar Prasad said he had conveyed the message to Amazon’s India leadership, including country head Amit Agarwal, when they had come calling on him recently. “What concerns us is the unbridled migration of data to overseas servers without consent of Indians,” Prasad said as he made a strong pitch for localisation of information storage. “Localisation of servers in India and having an element of consent of Indians is important for usage (analytics) of the data.”
There have been demands that users be given greater control over data that they generate. Justice B N Srikrishna committee on data protection emphasised on the need for informed user consent, while suggesting that companies maintain copies of data that they send abroad.
Kris Gopalakrishnan-headed panel seeks localisation of cloud storage data in possible blow to Amazon, Microsoft
An earlier news report by Reuters on 5th of August has said that a panel working on the Indian government’s cloud computing policy wants data generated in India to be stored within the country. This draft report has been seen by Reuters and is not released as such.
It could not only raise their costs because they will need to ramp up the number and size of data storage centres in India, where power costs remain high, but at least some of those increases are likely to be passed onto customers who include everyone from small start-ups to large Indian corporations.
The policy will be the latest in a series of proposals that seek to spur data localisation in India, as the government finalizes an overarching data protection law. Local data storage requirements for digital payments and e-commerce sectors are also being planned.
The authorities want the information stored locally so that they can more easily get access to it when conducting investigations.
India’s push for localisation comes at a time of heightened global scrutiny of how companies store user data. In July, Indian authorities had said that CBI had begun probing Cambridge Analytica’s misuse of Facebook user data, which New Delhi suspects included information on Indian users.
The draft report of the cloud policy panel, which is headed by the co-founder of Indian tech giant Infosys, Kris Gopalakrishnan, said a “forward looking” data protection regime was needed as India’s IT laws framework was “not sufficient” for cloud computing.
“We recommend localization of cloud data and any data that is stored about Indian entities or data generated in India,” it said, adding this data “must be available for investigative agencies and national security agencies.”
Gopalakrishnan declined to comment on the draft report, but said he hopes to submit it to the information technology ministry before month-end, or at least by September 15. A spokesman for the IT ministry said the department would review the report once it’s submitted but won’t comment before that.
Cloud computing refers to the provision of software, storage and other services to customers from remote data centres. It allows companies to use programs at lower operational costs as programs and data are not stored at the customer’s own data centres, or on their desktops.
Industry executives said many Indian businesses store their data on cloud servers located outside the country and a localisation mandate could force them to migrate data to India.
“Data localization will increase costs for public cloud companies as they might need to expand data centre capacity to fit customer data currently hosted outside India,” said Santanu Patro, a research director with research and advisory firm Gartner in India. He said they could pass on the increase to customers.
The panel’s draft recommendations said that India must consider the importance of securing “data sovereignty, especially in the context of cross-border data flows”.
“Indian legal and policy frameworks must focus on ensuring that data generated from India can be utilised for the benefit of Indian citizens, governments and private players,” it said.
An executive at a global technology company offering cloud services in India described the policy’s recommendations as “protectionist”. “It seems we’ve turned the clock back on globalisation,” the executive said.
The Indian public cloud services market is set to more than double to $7 billion by 2022, the draft report said. Enterprise spending on data centre infrastructure software will rise 10% to $3.6 billion in 2018, research firm Gartner estimates.
The government panel’s draft listed Amazon, IBM and Microsoft among key companies already registered under a government initiative on cloud computing. It also listed Alphabet’s Google, Oracle and Salesforce.com as those with “significant presence”.
Amazon, for example, says “tens of thousands of customers” in India use its AWS cloud service platform. “Due to increasing requirements of data hosting, India would need rapid establishment of data centres,” the report said.
The report, however, highlighted infrastructure and connectivity challenges faced by cloud service providers in India – such as high power costs and the need to get various permits – which raise the cost of running data centres.
More than 80% of India’s data centre supply was concentrated in five cities, the panel said. It recommended conducting a study to identify 20 locations conducive for such infrastructure, while also looking at incentives and relaxed tax structure for the industry’s growth.
The panel also plans to recommend development of a “national cloud strategy” that could bring cloud service providers under a single regulatory and policy framework.
The Indian government’s data localisation push has already unnerved U.S. companies who fear it will drive up costs and unsettle businesses. A government panel last week floated a bill that proposes all critical personal data should be processed within India.
Lobby group U.S.-India Business Council said the bill had raised some concerns and it would seek to work with the Indian government to improve it before its passage. The representatives of this group had said, during a meeting in June, that storing the data exclusively in India would be a security risk, as in the event of a natural disaster no one would have access to it in case it was all stored in one place.
There was another report dated 25th July, which stated that U.S. payment firms have successfully pushed India to consider diluting rules on data storage, but their lobbying campaign has sparked a bitter industry spat pitting them against local rival Paytm.
As per a report in the Techcircle.com dated 6th August, foreign payment companies could keep copies of customer data in India while retaining offshore storage operations, the government has said as a way to resolve conflict between foreign payment companies like MasterCard, Visa and Paytm.