wordpress blog stats
Connect with us

Hi, what are you looking for?

Rajya Sabha MP Rajeev Chandrasekhar argues against data localisation

“The ideals of privacy and data protection in today’s world will never be achieved by a regulatory bearhug.”

Member of Parliament Rajeev Chandrasekhar has said that cross-border data transfer restrictions and data localisation mandates are “likely to create a huge barrier to market entry” to companies in India. “India at present does not have the physical infrastructure to host large scale data centers,” Chandrasekhar said. These comments are part of his filing to the IT Ministry’s public consultation for the Srikrishna committee’s data protection bill, provided to MediaNama.

“These restrictions appear to be motivated only to facilitate law enforcement and Security agencies access to data and does not lead to any meaningful bolstering of privacy rights while it can be argued that the impact of such restrictions is also far reaching and disproportionate to the benefits,” he said.

Chandrasekhar is a member of the BJP. His views notably diverge from that of Vinit Goenka, who has called for ‘data sovereignty‘ and strongly supported data localisation requirements. Chandrasekhar has previously argued against localisation, questioning its effectiveness. But, he said, “I won’t stake my parliamentary career on fighting data localisation,” choosing instead to push on fairer ways to regulate data collection and regulating for harms that come out of it.

According to the draft bill, data localisation and cross-border data transfer restrictions essentially require companies to host a large amount of user data within India, and in some cases only in India. Internet companies have traditionally pushed back against such restrictions, arguing that costs will rise and that the internet is inherently global.

Advertisement. Scroll to continue reading.

“Structural deficiencies”

In his five-page submission, Chandrasekhar argued that the Srikrishna committee’s bill needed to go through months of consultation before it was finalized. The Srikrishna Committee Report is a good start. But the structural deficiencies in the draft bill however defeat these objectives.

Vague and capricious regulatory regime: Chandrasekhar warned that the bill was creating a framework that was too broad which is “subject to the whims of the man on the wheel.”

He called for an alternative to “highly intrusive and expensive regulation”. He pointed to the threat of ‘consent fatigue’, echoing the much-debated idea that accountability should be the primary basis of a data protection law, rather than consent.

Chandrasekhar’s filing does not, however, question the primacy of consent. He also raised concern on the “astonishing civil and criminal penalties”. Criminal penalties like jail time are highly unusual in data protection legislation enacted abroad.

Trump administration may retaliate to localisation: Chandrasekhar said, “The restrictions of on cross-border data transfers has the potential to create a case for isolating the Indian market. It is highly likely that countries such as the United States, under the Trump administration will respond kindly, in line with its terse stance on free trade. The great dividends of efficiency created by the internet will be lost to these measures that fragment it.”

Irreversible anonymisation is impossible: “The bill requires ‘irreversible’ anonymisation which is arguably technically impossible,” Chandrasekhar pointed out. The bill’s standards for anonymisation surpass even those of Europe’s General Data Protection Regulation (GDPR), Chandrasekhar said. “Despite adopting a progressive outlook, the overarching objectives are frustrated,” he says.

Compliance for small businesses: The bill’s compliance framework does have differential rules for small and large businesses in terms of compliance, Chandrasekhar said, but the lack of clarity on that distinction could cause uncertainty, he said.

Advertisement. Scroll to continue reading.

“The ideals of privacy and data protection in today’s world will never be achieved by a regulatory bearhug,” Chandrasekhar said, adding that upto a year of further consultation may be required before the bill goes to parliament.

Read Chandrasekhar’s submission (pdf)

Written By

I cover the digital content ecosystem and telecom for MediaNama.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Looking at the definition of health data, it is difficult to verify whether health IDs are covered by the Bill.


The accession to the Convention brings many advantages, but it could complicate the Brazilian stance at the BRICS and UN levels.


In light of the state's emerging digital healthcare apparatus, how does Clause 12 alter the consent and purpose limitation model?


The collective implication of leaving out ‘proportionality’ from Clause 12 is to provide very wide discretionary powers to the state.


The latest draft is also problematic for companies or service providers that have nothing to with children's data.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ