India’s Experiment with Data Localization Compliance- A Step Towards Progressive Liberalization?

“Data is the new oil” is a dictum that rightly expresses the valuable affairs of the global digital markets. It is the highest valuable resource in the digital economy. Cross-border data supply is termed as the new elephant in the room because of the pressing demand by developing countries to localize data and to further govern them by their law. Data localization as a concept means any obligation, prohibition, condition, limit or other requirement’ contained in the ‘laws, regulations or administrative provisions of the states, which imposes the location of data storage or other processing requirements in the territory of a specific state or hinders storage or other processing requirements in any other state’.1

The concept of data localization is rooted in the principles of data sovereignty which promotes guarantee towards ensuring that national law shall apply to govern the data extracted in the nation’s territory.2 Thus, to secure that, it is required that the data is kept within the walls of the state and in the state’s jurisdiction. At present, there is no specific multilateral agreement governing the law of data localization and in most of the cases, plurilateral agreement or a bilateral agreement is signed to dedicate the body of rules particularly for this subject. Many developing countries and especially India are asserting mandatory data localization norms and have boycotted the stance of a free flow of data to boost multilateral digital trade citing numerous reasons in its support. It needs to be thoroughly analysed if India taking a step forward towards progressive liberalization or is setting up back its EXIM growth.


Economic ownership is functionally a correct approach for any nation as autonomous status is enjoyed not as a privilege but a sovereign right. Therefore, a condition precedent which requires critical data collected about consumers in a nation must be within the nation’s ownership. It should be available for the development of its nation rather than allowing it to be a fruitcake for some other country. Moreover, the more important concern which led to the alarming need for data localization is the fear of foreign surveillance on personal and financial information of the country’s citizens. Incidents like Cambridge Analytica and Huawei have inherited the apprehension of data theft followed by abusing it for ulterior motives ultimately causing a global breakdown.

Undoubtedly, the national security interest is one of the prima facie essentials of any nation. Such concerns are also recognized in the market access regulator agreements i.e. GATS and GATT. Specific exceptions have been inserted in order to recognize the right of Members to regulate and to introduce new regulations to meet national policy objectives. As ascertained, the free flow of data across national borders undermines cybersecurity and data protection. Cybersecurity as a threat in itself is so outrageous that this has led to the passing of mandatory data localization laws in many countries like China, Russia, Australia, Turkey, etc. Even the data transfer raises concern on privacy of an individual. Privacy has been widely recognized in the online context as a fundamental human right in different international treaties.3 India as one of the populated nations has a bigger role to protect the privacy of its citizens from being intruded by other nations.

A step towards data nationalism has already been gambled by India through the directions released by RBI in April 2018 where it asked all companies to store data related to payments system in India. It has affected many tech companies like Google Pay, MasterCard, etc. who are trying to comply with this directive on priority. After this, there have been eight sectoral notifications that have mandated the need for data localization in some form or the other.4 To somewhere praise the government, this step may give a boost in developing indigenous artificial intelligence eco-system in India wherefore a hub of cyber space can be armoured in the geology of India. It may also level-up the FDI generated in the sector of digital infrastructure as different companies have to either import the technology from their country or can use the Make in India products for complying with the data localization norms thus empowering the Indian economy.


The problem starts with the question that is- do we have enough farmlands to make data localization even successful? As per the statistics, when it comes to data centre storage, India lags behind not just the developed Countries but even Asia-Pacific. Europe at present has 12 times more storage capacity (8600 MW) than India (700 MW) even after having close to 40 million fewer Internet users as compared to users in India.  The current data storage market is under-served.5 One reason for this acuteness of viability can be the unpredictable temperature conditions of India. The data centres require cold temperature zones to function properly and efficiently. India which is known to be in the tropic zone increases the burden on companies who then have to create cooling fans for the same purpose. This ultimately inflates the pockets of players of the digital economy and adds up an extra cost on the already high infrastructural cost that they have to pay in compliance with the mandatory data localization conditions.

The major concern that rises in the global economy is that data localization norms create a barrier to data flows which further aggravates and creates a barrier to trade. Not only does it increase the compliance cost for Foreign Service providers, it further violates the principles of market access by arbitrarily reducing the access given to other countries making cross-border data transfers impracticable. It affects the principles of General Agreements on Trade in Services (GATS) that worships progressive liberalization. Ultimately, these geographical prescriptions on data lows and data localization contradict the fundamental end-to-end architecture of the internet that requires an unhindered and instantaneous flow of data across the network.


The question is whether India who currently has a frail economy ready to experiment with the EXIM matters and its foreign economic policies? Is it the need of the hour for India to enforce compliance with such a huge developmental project or is it just the clash between two ideologies that is Data exceptionalism and Data Nationalism? All these answers will be of relevant importance to the global village as it will decide the faith of India in the area of the digital economy. Meanwhile, it is asserted that some less trade-restrictive alternatives can be explored and exhausted so that the foreign trade does not suffer any adverse impact.


1 Neha Mishra, Privacy, Cybersecurity, and GATS Article XIV: A New Frontier for Trade and Internet Regulation? NUS CENTRE FOR INTERNATIONAL LAW RESEARCH PAPER NO. 19/11(2019)
2 Arindrajit Basu, Unpacking Policy Measures for Sovereign Control of Data in India, The centre for Internet and Society.
3 Neha Mishra, Privacy, Cybersecurity, and GATS Article XIV: A New Frontier for Trade and Internet Regulation? NUS CENTRE FOR INTERNATIONAL LAW RESEARCH PAPER NO. 19/11(2019)

Phone: +919841011111