Frequently demands that citizen data be collected in local data centers, and often restrains movement of that information outside of a country’s borders. The European Union’s GDPR policy is one example, although it’s nearly acceptable. China’s relatively new cloud computing law is much more strict and forced Apple to turn over its Chinese-citizen iCloud data to local providers and Amazon to sell off data center assets in the country.
It appears that will follow the same policy. According to Aditya Kalra in Reuters, an influential cloud policy panel has confirmed that India commands data localization in the country, for investigative and national security reasons, in a draft report set to be released later this year. That panel is headed by well-known local entrepreneurs Kris Gopalakrishnan, who founded Infosys, the IT giant.
That report will correspond other policy statements from the Indian political establishment in recent months. The government’s draft National Digital Communications Policy this year said that data autonomy is a prime mission for the country. The report called for the government by 2022 to “Establish a comprehensive data protection regime for digital communications that safeguard the privacy, autonomy, and choice of individuals and facilitates India’s effective participation in the global digital economy.”
This is the objective of governments around the world. While privacy and protection are certainly uppermost priorities, governments now recognize that the economics of data is going to be critical for future innovation and growth. Managing local control of data — through whatever means required — ensures that cloud providers and other services have to spend locally, even in a global digital economy.
India is both a compelling and an ambiguous display of this model. It is crucial because of the size of its economy: public cloud revenues in the country are expected to hit $2.5 billion this year, according to Gartner’s estimates, an annual growth rate of 37.5%. It is ironic because much of the historical progress of India’s IT industry has been its capacity to offer offshoring and data IT services across borders.
Indian Prime Minister Narendra Modi has made development and rapid economic growth a top priority of his government. (Krisztian Bocsi/Bloomberg via Getty Images)
India is certainly no stranger to localization demands. In areas as diverse as education and e-commerce, the country keeps strict rules around local ownership and investment. While those rules have been opening up slowly since the 1990s, the explosion of interest in cloud computing has made the gap in regulations around cloud much more apparent.
If the draft report and its various systems become law in India, it would have vital impacts on public cloud providers like Microsoft, Google, Amazon, and Alibaba, all of whom have cloud operations in the country. In order to comply with the regulations, they would almost certainly have to expend significant resources to build additional data centers locally, and also enforce data governance mechanisms to ensure that data didn’t flow from a domestic to a foreign data center accidentally or programmatically.
I’ve written before that these data autonomy regulations sequentially benefit the largest service providers since they’re the only ones with the scale to be able to competently handle the thicket of constantly changing regulations that govern this space.
In the India case though, the expense may well be warranted. Given the phenomenal growth of the Indian cloud IT sector, it’s highly likely that the major cloud providers are already planning a massive expansion to handle the increased storage and computing loads required by local customers. Depending on how simple the regulations are written, there may well be a limited cost to the rules.
One question will involve what level of foreign ownership will be allowed for public cloud providers. Given that several foreign companies already exist in the marketplace, it might be hard to completely eliminate them entirely in favor of local competitors. Yet, the large providers will have their work cut out for them to ensure the market stays open to all.
The real costs though would be borne by other companies, such as startups who rely on customer datasets to power artificial intelligence. Can Indian datasets be used to train an AI model that is used globally? Will the economics be required to stay local, or will the regulations be robust enough to handle global startup innovation? It would be a shame if the very law designed to encourage growth in the IT sector was the one that put a dampener on it.
India’s chief objective is to ensure that Indian data benefits Indian citizens. That’s a laudable goal on the surface, but deeply complicated when it comes time to write these sorts of regulations. Ultimately, consumers should have the right to park their data wherever they want — with a local provider or a foreign one. Data portability should be key to data sovereignty since it is consumers who will drive innovation through their demand for best-in-class services.