The global politics of data is rapidly evolving as leading and emerging digital economies like the European Union (EU), the U.S., India, Indonesia, and South Africa strive to protect, monetise, and leverage data collected within their territories for domestic purposes. The age of borderless data with limited or no government control, once an aspiration, appears behind us.
Increasing privacy and security concerns coupled with economic interests have compelled governments to institute rules and standards that govern and restrict cross-border flows with natural implications for negotiations on global trade and commerce. Indeed, the sheer amount of data being generated and shared globally has necessitated governments to exert more control over the use, sharing, and cross-border flow of data. According to the Information Technology and Innovation Foundation (ITIF), data localisation laws have more than doubled from 2017 to 2021, indicating that states seek and want increasing levels of regulatory control over data.
Creation of single data market
Data regulation efforts transcend data localisation. Relaxing its deference to self-regulation by firms, Joe Biden’s administration recently issued an executive order on promoting competition in the American economy that pushed for the use of antitrust policy to meet the challenges posed by the rise of dominant platforms, and surveillance. European policymakers have introduced a bevy of digital rules that place individual users centre-stage, and enhancing their data security. Through the proposed Data Act, the EU hopes to become an unparalleled data power by creating a single data market, setting robust standards and deploying the EU’s collective data for their own use.
As a rising ‘data market’ with critical stakes in multilateral and regional negotiations on data, how can India negotiate data when it assumes leadership of the G20?
The G20 appears as a viable platform to discuss data, particularly sharing and transfer, given seemingly converging positions on data governance amongst major G-7 powers and emerging economies as the state finds a greater role in regulating data. Moreover, the G20’s track record as the apex forum to discuss global economic issues gives it legitimacy and having the top (digital) economies makes it an appropriate forum to discuss data. The G20 does not create binding rules but serves as a platform to catalyse and inject new thinking around critical current issues.
India was way ahead of the ‘data sovereignty’ curve, brandishing it to justify domestic policy-making and burnishing this stance at various international discussions, long before it became fashionable across northern jurisdictions. Since 2017, India has attempted to incubate governance of non-personal data, personal data, e-commerce regulation and artificial intelligence (AI) with a preference to harness “India’s data for India’s development.” These policies, including the recently withdrawn Personal Data Protection Bill, are works in progress but this does not take away from the vast ecosystem of actors — including experts, civil society, and industry actively engaging with and attempting to shape digital policy-making.
To underscore political rhetoric and drive global data discussions at the G20, the Indian government should present a holistic agenda that embeds data collection and sharing within a broader framework that prioritises digital security, innovation, and citizen rights.
For instance, the Reserve Bank of India’s data localisation directive has been in place for four years now. An empirical assessment of how this has impacted both start-ups, big technology companies, and users could serve as a useful example. Has localisation achieved requisite security and economic benefits? Or has it stifled digital innovation? Second, India’s digital economy stewardship must transcend data localisation by highlighting best practices on data protection, competition law, data stewardship, and responsible artificial intelligence both in India and other G20 countries. The ongoing effort to redraft the Personal Data Protection Bill and embed it within a ‘more comprehensive framework’ that addresses related concerns like cybersecurity must serve as an urgent domestic priority, and could lend weight to India’s G20 data approach.
By adding nuance to prevailing ‘data’ narratives and enabling countries with different views to express themselves and engage meaningfully on critical questions, India’s G20 stint would mark a key phase in the global digital economy.
Arindrajit Basu is a Non-Resident Research Fellow at the Centre for Internet & Society. Karthik Nachiappan is a Research Fellow at the Institute of South Asian Studies, National University of Singapore.