- Home
- Digital Trade Clauses in FTAs and India’s Data Industrialization Goals: The Bilateral Way Forward
India’s digital trade potential
The incentivization for digitization coupled with pandemic-imposed necessity for adoption of digital tools has led to a manifold increase in quantity of data generation from India. A comprehensive data protection legislation is underway in India which will provide a specialized legal framework for data protection and information privacy. The data protection legislation will have rippling effects for the country, not only domestically but also from the perspective of international trade. Several products and services offered by organizations/entities today require processing of massive amounts of foreign data. At the same time, each activity in the journey of a dataset – like collecting, sharing, processing and protection takes place at various locations around the world, thus being subject to multiple regulations at a time. It is at this juncture, that digital trade clauses in Free Trade Agreements (FTAs) are increasingly being considered as a tool to reduce friction caused by domestic regulations pertaining to cross-border data flows.
As of January 2022, India recorded over 658 million users of the internet[1]. In terms of mere potential, data converts to revenues, soft-power capabilities, and strategic influence. Based on a study conducted by the Internet and Mobile Association of India (IAMAI), a 1% decrease in international internet bandwidth could lead to a loss for India of about USD 696.71 million in total volume of goods traded[2]. Needless to mention, many prospects of monetizing this data are at the country’s disposal. Due to these prospects of data industrialization along with national security and local regulations-related issues, the domestic sectoral restrictions are imposed on cross-border data flow in India. As a matter of macro policy, India is taking gradual but effective steps towards cross-border data flow with adequate protections at a bilateral level.
This article looks at India’s policy considerations and collateral events so far, to evaluate the rationale behind modern-day provisions in FTAs and India’s recent glocalized stance on cross-border data flow. On analysis, it appears that India’s data industrialization goals are represented better in bilateral agreements rather than multilateral arrangements. India might seek to engage multilaterally when adequate protections are brought in through its long-anticipated data protection legislation. Thus, for now, this article explores ways around India’s strict sectoral regime for optimum data sharing.
India’s premise for data localization
India has a host of laws that mandate local physical storage, mirroring, and processing of data within domestic jurisdiction. Many reasons have been accorded for impositions of these restrictions. One of the major concerns is access to data for investigation and other operational purposes. Timely access to data becomes crucial for law enforcement agencies and regulators in cases of malpractice, data breaches as well as technological disruptions. Although data is collected in India, it is stored in data centers located outside the legal jurisdiction of India. In such situations, the regulators as well as law enforcement agencies rely on mutual legal assistance treaties (MLATs) to access the relevant data. MLATs assist in procuring the data but the contours of the same are limited to public/criminal laws. Its application for securing data for research/regulatory purposes is unknown and not tested.[3] Apart from being a cumbersome process, the effectiveness of MLAT also depends on bilateral relations between the consenting states.
Now India is considering prospects of monetizing the data by easing localization norms in light of several inputs received from start-ups around the country[4]. With stakeholders within and outside pitching for globalization, India’s data protection bill is being seen as a measure to allow India to join the multilateral bandwagon with other states. There are indications that the anticipated data protection legislation will contain liberal provisions pertaining to data localization and cross-border flow of data.[5] Till the data protection legislation is enacted, the current applicable regulations updated from time to time and the bilateral agreements are the most preferred mode for recognizing cross-border data flow from India. Given the applicable framework to work in sync with other countries, listed below are some for it to work seamlessly to be part of the global trade with respect totechnology.
India’s sectoral regulations on data storage
India achieves its localization mandate through strict sectoral restrictions on data transfers across borders. However, states globally are insistent[6], and policy institutes[7] are pitching for relaxations of data localization norms in the interest of commerciality, research, and social-good factors. Bilateral treaties containing digital trade clauses – although aiming to balance the data localization norms – are only suggestive in nature and do not overlap with sectoral regulations. Considering this, some of the India’s domestic sectoral laws/rules/regulations which impose restrictions on international data transfers include the following:
Apart from the above,the National Data Sharing and Accessibility Policy (NDSAP) of 2012 mandates localization of all government data while permitting transfer of non-sensitive data for legitimate use[12]. The MeghRaj Initiative pertaining to data storage practices of government departments requires all empaneled cloud service providers to store all physical and online data in India[13]. These industry-specific regulations although clustered, provide adequate measures for the government and regulators to carry out their functions effectively. Some information/data not stored in India are then procured through MLATs.
India’s disengagement from consensus starved multilateral commitments
As an extension of India’s insistence on data localization, it made an international remark by abstaining from participation in Japan’s Osaka Track of 2019. Japan had proposed the “data free flow with trust” (DEFT) through a declaration made by the leaders of G20 in Osaka, Japan. In this declaration, the G20 leaders unveiled the Osaka Track to demonstrate commitment to promote international policy discussions and rulemaking on trade-related aspects of electronic commerce at World Trade Organization (WTO). The states committed that “we will engage in international policy discussions for harnessing the full potential of data and digital economy and increase efforts to engage with relevant international fora for that purpose.”[14]
All major economies including US, Canada and Germany signed and opted the Osaka track with the exception of India, Indonesia and South Africa. India maintained that the Osaka Track is not based on the principles of multilateralism propagated by the WTO. A compromise text noting “critical role played by effective use of data, as an enabler of economic growth, development and social well-being” was later inserted in the official statement on insistence by India and South Africa. The main concern of these developing economies remained that the “policy space” for digital industrialization could be hampered[15].
At a bilateral level however, India has been engaging with other countries with digital trade clauses in the FTAs. For instance, in February 2022, India signed a Comprehensive Economic Partnership Agreement (CEPA) with the United Arab Emirates (UAE). This agreement covered various service sectors like construction, tourism, nursing, finance and so on. While this agreement included digital trade clauses, some services which involved an online mode of service delivery were clauses pertaining to localization rules, data privacy of citizens, and mandatory local storage requirements[16]. The Agreement further provided that a legal framework for data protection ought to be formulated by each party in accordance with the principles laid down by international organizations. It is interesting to note that India is reiterating its stance at Osaka Track 2019 through subsequent agreements with other FTA partner countries. Finally, separate provisions have been envisaged in this agreement which would make it obligatory upon the parties to adequately publish information about remedies and business compliances. Thus, while India portrays openness towards digital trade, it has its own version of data-transfer clauses which again emphasize on localized-centric model. With the current set of sectoral regulations in the country, it is likely to benefit from such bilateral engagement with specific countries where it can retain its aspirations of data industrialization and derive benefits from cross-border data flow as well.
Modern data digital trade clauses in FTAs and exceptions to sectoral restrictions on cross-border data flow at bilateral level
There exists an international data consensus deficiency on cross-border data flows at a multilateral level thus at a bilateral level, countries including India have an opportunity to tailor digital trade clauses in FTAs for cross-border data flows to suit their unique needs. Clauses pertaining to cross-border data flow articulate trust of binding parties towards fostering better trade relations. Most digital trade clauses start off with commitments from each party towards protection of personal information as a priority in digital economy. Considering that citizens/subjects are ultimate beneficiaries, it is the endeavor of Governments that citizens should have similar remedies, redressal and/or protections. At the same time, it is provided that awareness ought to be created and adequate information be circulated about such legal regimes pertaining to digital trade. Inability to have a similar set of regulations is a major reason behind not having an international consensus on data sharing policy. Thus, FTAs have varied kinds of clauses depending on inter alia, the practical nature of political structure, domestic sectoral regulations, and ability of a country to industrialize the data.
The provisions in the FTAs may also provide for joint development of interoperable systems for protection of personal information by way of certifications or code of conduct. Availability of experts, cooperation in technical issues, inter-state reporting accessibility and sharing of information through joint projects may also find their place in FTAs. Considering the intrinsic value of data, each party in a bilateral FTA may also carve out exceptions to allowing cross-border data transfer where the purpose of such transfer is government procurement, achieving legitimate public policy and/or national security or strategic interest issue[17].
One of the contentious issues while negotiating such agreements is the direct or indirect implementation of sector specific restrictions. The general apprehension while dealing with developing economies like India is maneuvering through sectoral regulations. The domestic sectoral restrictions of a state which are usually regulatory in nature could be used as an indirect tool to circumvent free flow of data[18]. In such discussions, plausible exceptions to sectoral restrictions that are usually carved out are as follows:
Thus, the above clauses can be used with countries like India which has a strict localization policy.
As per a study conducted by World Bank titled Regulating Personal Data: Data Models and Digital Services Trade[19] published in March 2021, it was observed that the party in a bilateral trade agreement having an open cross-border data flow arrangement, partial conditional model of a cross-border data flow arrangement or for that matter, conditional model for domestic data processing showcases a reliable and healthy trade structure in digital services trade agreements. Many of the FTAs/Agreements around the world like the UK-EU Trade and Cooperation Agreement, UK-Japan Comprehensive Economic Partnership Agreement, EU-Mexico Global Trade Agreement, UK-Chile Association Agreement, UK-Vietnam FTA have similar data transfer related provisions. At this point, a carefully worded report of the RBI dated 29 April 2022 is relevant wherein it was noted “The focus of bilateral trade agreements with these advanced countries should be bilateral technology-sharing and forging partnership/alliance in sectors where indigenous capabilities may be weak. As the global trade environment is becoming increasingly complex and prone to more disputes, rules, and provisions with regard to digitally enabled trade, data security issues and intellectual property rights should get adequate coverage in trade agreements.” Thus, careful formulation of the data transfer clauses is important which are in consonance with a state’s data localization/globalization policy. The importance of these provisions become even more apparent in the long run when data industrialization capabilities of state may expand.
Conclusion
At an international level, unique heterogenous regulations, data consensus issues[20], stringent adequacy models are rather intrinsic in a proposition like cross-border data flows. Developed countries may propagate commitment to free flow of data with adequate protection, however the developing economies see it as a monotonous version of data protection. Data industrialization goals of developing economies is a long-drawn process. In India’s case, it is a two-pronged resolution that involves enacting an umbrella legislation for adequate data protection and fostering bilateral relations with FTA partner countries. India has a say in the room when it comes to negotiating bilateral trade agreements wherein the most optimum and efficient route can be chosen while not giving up on sectoral regulations and/or data industrialization goals. In any case, it is seen that success of such agreements is greater on a bilateral level than on a multilateral scale.
We hope you have found this information useful. For any queries/clarifications please write to us at insights@elp-in.com or write to our authors:
Sanjay Notani, Partner – Email – SanjayNotani@elp-in.com
Akash Manwani, Associate – Email – AkashManwani@elp-in.com
Disclaimer: The information contained in this document is intended for informational purposes only and does not constitute legal opinion or advice. This document is not intended to address the circumstances of any individual or corporate body. Readers should not act on the information provided herein without appropriate professional advice after a thorough examination of the facts and circumstances of a situation. There can be no assurance that the judicial/quasi-judicial authorities may not take a position contrary to the views mentioned herein
References
[1] https://datareportal.com/reports/digital-2022-india
[2] https://icrier.org/pdf/Economic_Implications_of_Cross-Border_Data_Flows.pdf
[3] https://carnegieindia.org/2021/04/14/how-would-data-localization-benefit-india-pub-84291
[4] https://indianexpress.com/article/business/startups/as-start-ups-complain-govt-looks-to-ease-data-localisation-norms-8034036/
[5] https://economictimes.indiatimes.com/tech/newsletters/morning-dispatch/draft-data-bill-may-relax-local-storage-rules-amazon-sues-consumer-protection-body/articleshow/94746089.cms?from=mdr
[6] https://www.livemint.com/news/world/india-boycotts-osaka-track-at-g20-summit-1561897592466.html
[7] https://nasscom.in/sites/default/files/20220509_Joint_Paper_Data_Transfers_NASSCOM.pdf
[8] Notification F. No. IRDAI/Reg/5/142/2017
[9] DPSS.CO.OD No. 2785/06.08.005/2017-2018
[10] Consolidated FDI Policy Circular of 2020, DPIIT File Number 5(2)/2020-FDI Policy Dated the October 15, 2020
[11] Circular No. SEBI/HO/MIRSD2/DOR/CIR/P/2020/221 dated 03 November 2020
[12] https://dst.gov.in/national-data-sharing-and-accessibility-policy-0
[13] https://www.meity.gov.in/writereaddata/files/Guidelines-Contractual_Terms.pdf
[14] https://www.mofa.go.jp/policy/economy/g20_summit/osaka19/pdf/special_event/en/special_event_01.pdf
[15] https://www.indiaperspectives.gov.in/en_US/india-at-osaka-strong-and-balanced/
[16] https://m.rbi.org.in/scripts/PublicationsView.aspx?id=21038
[17] https://nasscom.in/sites/default/files/20220509_Joint_Paper_Data_Transfers_NASSCOM.pdf
[18] https://nasscom.in/sites/default/files/20220509_Joint_Paper_Data_Transfers_NASSCOM.pdf
[19] https://openknowledge.worldbank.org/bitstream/handle/10986/35308/Regulating-Personal-Data-Data-Models-and-Digital-Services-Trade.pdf
[20] https://www.business-standard.com/article/current-affairs/how-can-we-get-data-flowing-freely-among-nations-with-different-cyber-laws-122052100169_1.html