India might be the next country to insist that internet companies store users’ data inside its borders. Reuters has learned that a government cloud policy panel wants locally-generated data (including info about Indians) to be stored on servers within the country.
The move would ostensibly make it easier for law enforcement and intelligence agencies to access data in the midst of investigations. “Data sovereignty” was important in light of “cross-border data flows,” according to a draft report recommending the move.
The leader of the panel, Infosys’ Kris Gopalakrishnan, didn’t comment on the recommendation. However, he acknowledged plans to submit the report to the Ministry of Electronics and Information Technology between the end of August and September 15th.
As with similar moves by China and Russia, the demand would raise all kinds of practical and ethical concerns. Cloud-dependent companies like Amazon, Apple and Microsoft would have to set up local servers, raising costs that might pass on to users. There’s also the matter of privacy: this theoretically makes it easier for authorities to spy on conversations or other sensitive info.
This may also increase pressure on services that encrypt data, especially those messaging services that don’t store chats on servers in the first place. Would India ask companies to decrypt data (even if they technically couldn’t) during an investigation, or make firms hold on to conversation data where they didn’t before?
This hinges on whether or not the government acts on the proposal, but it could create awkward situations where companies might either have to weaken their privacy protections or give up on one of the world’s largest markets.