Two US senators have called on Prime Minister Narendra Modi to soften India’s stance on data localisation, warning that measures requiring it represent "key trade barriers" between the two nations.
In their letter, US Sentors John Cornyn and Mark Warner — co-chairs of the Senate's India caucus that comprises over 30 senators — urged India to instead adopt a "light touch" regulatory framework that would allow data to flow freely across borders.
"Data localisation requirements, such as those contained in the draft data protection bill and draft national e-commerce policy framework, will have negative impacts on the ability of companies to do business in India, may undermine your own economic goals, and will likely not improve the security of Indian citizens' data", the senators said.
When companies adopt high-quality privacy safeguards, the location of data has no bearing on whether the data is secure, they argued.
"In addition to effectively reducing data security, forced data localisation requirements create inefficiencies for both businesses and consumers, raising the cost of procuring and delivering data services including ones that local Indian businesses utilize on a daily basis,” Cornyn and Warner said.
"Ultimately, they also increase the cost, and/or reduce the availability of, data-dependent services," said the letter, a copy of which has been obtained by PTI.
The two Senators said that forced data localisation will also be counterproductive when it comes to India modernising its framework regarding law enforcement requests for data.
"Both the protection and security of data—as well as access to data for lawful purposes—can be enabled without a requirement that data be stored in a specific physical location. We encourage increased dialogue on these issues between law enforcement agencies in the US and India," the powerful Senators wrote.
Data localisation is an act of storing data on any device that is physically present within the borders of a particular country where the data was generated.
The Reserve Bank of India (RBI), in a circular in April, said all system providers will have to ensure that the entire data relating to payment systems operated by them are stored in a system only in India. It gave time till October 15 to comply with the mandate.
The letter comes as relations between Washington and New Delhi are strained over multiple issues, including an Indo-Russian defence contract, India's new tariffs on electronics and other items, and its moves to buy oil from Iran despite upcoming US sanctions.
Global payments companies, including Mastercard, Visa and American Express, have been lobbying the finance ministry and the Reserve Bank of India to relax proposed rules that require all payment data on domestic transactions in India be stored inside the country by October 15.
Other than the RBI proposal, India is working on an overarching data protection law that calls for storing all critical personal data in India. E-commerce and cloud computing policies are also being developed.