Accessing data stored abroad is the major hurdle for Indian law enforcement agencies in investigation and prosecution of crimes. To what extent the data localisation clause included in the recent draft data protection bill addresses the issue. Discuss. (200 words)
Refer – The Hindu
Enrich the answer from other sources, if the question demands.
IAS Parliament 6 years
KEY POINTS
· Eight of the top 10 most accessed websites in India are owned by U.S. entities.
· Indian law enforcement agencies rely on an outdated Mutual Legal Assistance Treaty (MLAT) process to obtain data stored by U.S. companies abroad.
· This reality has often hindered Indian law enforcement agencies when investigating routine crimes or crimes with a cyber-element.
· To boost law enforcement efforts, the draft data protection bill includes data localization which calls for a copy of user data to be mandatorily localised in India but it mandates local storage of data relating to Indian citizens only.
Concerns with data localisation
· A fundamental error is the belief that the location of data should determine who has access to it.
· The U.S. law effectively bar its companies from disclosing user data to foreign law enforcement authorities.
· Technology companies are allowed to share data such as content of an email or message only upon receiving a federal warrant from U.S. authorities.
· This scenario will not change even after technology companies relocate Indian data to India.
· Even if Indian authorities force compliance from U.S. companies, it will only solve a part of the problem because, localisation can provide data only for crimes that have been committed in India, where both the perpetrator and victim are situated in India.
· For investigations into transnational crimes, Indian law enforcement will have to continue relying on cooperative models like the MLAT process.
Way ahead
· The Clarifying Lawful Overseas Use of Data (CLOUD) Act, passed by the U.S. Congress will for the first time allow tech companies to share data directly with certain foreign governments.
· This, however, requires an executive agreement between the U.S. and the foreign country certifying that the state has robust privacy protections, and respect for due process and the rule of law.
· The draft Bill comes as an opportunity to update India’s data protection regime to qualify for the CLOUD Act.
Shankaranand 6 years
Please Review
Thank You
IAS Parliament 6 years
Avoid spelling mistakes. Try to avoid minor mistakes like use of the word public sector instead of private sector. Keep writing.
gaurav saini 6 years
plzz review...
IAS Parliament 6 years
