Brahma Chellaney, The Hindustan Times
Data is the oil of today’s digital age, in which every individual, through Internet activity, leaves a footprint of personal information, which is controlled by others. In fact, just like oil in the past century, data is now the most valuable resource in the world — an engine of growth and change. Akin to uranium, data is a game changer. But like oil or uranium, data must be processed to create something of value.
How data is processed and stored carries major implications for national and international security. Hacking and theft of critical data is central to cyber-espionage.
The global “data economy” is dominated by a few tech titans like Alphabet (Google’s parent company), Amazon, Apple, Facebook and Microsoft. These giants vacuum up vast troves of data that help build a digital profile of every individual, including the person’s preferences, foibles and secrets. Their data collection can reveal as much about a person as government surveillance, if not more.
Today’s “data brokers” are financially incentivized to collect and monetize personal data of people all over the world. The collected data, however, is used not just for business purposes. Nor does it stay in the private sector alone. Thanks to Edward Snowden and other revelations, we know that the US government employs several tools to acquire data from the Internet giants. And through its National Security Agency it directly accesses the systems of Google, Facebook, Apple and others.
America’s massive databases arm it with an Orwellian capacity to track digital footprints and personal information of individuals, both Americans and those overseas, including decision-makers. In fact, the 2015 US Cybersecurity Information Sharing Act has essentially legalized all forms of government and corporate spying. This serves as a reminder that the Internet, although a major boon that we cannot live without, facilitates surveillance.
It is paradoxical that those in India who raised a hullabaloo about how the digital-identity Aadhaar system threatens privacy are mute on the larger and more fundamental issue — the monopolistic control of the most powerful tech companies on the data of all, including Indians. It is as if they believe that Aadhaar, aimed at turning parts of India’s data economy into public infrastructure for doling out subsidies and deterring fake identities, is more dangerous than the expansive data vaults of the global tech giants.
There has little debate in India on the government’s Personal Data Protection Bill, which seeks to take data back from the global behemoths by granting Indians protection rights and mandating local storage. Not surprisingly, the bill has come under withering attack from the giants and the US government, which is wielding the threat of a Section 301 investigation against India on this and other trade-related issues.
A handful of companies’ data hegemony is raising security concerns not just in India. Many Americans, concerned about unchecked privacy intrusions, are calling for guardrails to protect data. Europe’s 2018 General Data Protection Regulation enforces tough data-privacy rules. Google has faced huge fines in Europe for abusing its data power. France recently imposed a 3% tax on digital transactions, and Italy is following suit. If India and other countries emulated their example, billions of dollars could shift from US tech companies to local economies.
Let’s face it: The Internet is not a competitive, free-market place but an oligopoly, with Google dominating search, Apple and Google controlling mobile, Facebook ruling the social media and Amazon dominating e-commerce. Worse still, these behemoths are relatively opaque when it comes to their data-collection and retention policies. Their data collection is no less intrusive than government surveillance.
Against this background, India’s data bill, carrying European-style protections and penalties for data-privacy breaches, is a step in the right direction. After India’s Supreme Court held that privacy is a fundamental right, the Srikrishna Committee helped draft this bill. Unfortunately, the government, while introducing and getting passed a record 28 bills in Parliament’s recently concluded session, held back the long-pending data bill to consider changes that could satisfy the US. The bill’s dilution could seriously hobble its purpose.
By opposing India’s move to localize data storage, the tech giants wish to remain unfettered to collect and utilize data opaquely. Their message to India is “trust us”. But as Ronald Reagan said, “Trust, but verify”. A few extraordinarily powerful corporations, with oligopolistic control of sensitive data and US government backing, should not be allowed to influence the provisions of Indian legislation.
Requiring multinational corporations to respect privacy and to store data locally is not about limiting their ability to make money. It is about shielding data through legislative protections that compel these firms to correct their practices. India must seek to loosen their grip over data by mandating greater transparency and imposing limitations on the processing and sharing of personal and sensitive data.
Make no mistake: Like European colonialism in the past three centuries, data imperialism could have serious and lasting consequences.
Brahma Chellaney is a geostrategist.