🔔This Durga Puja, Invest in your future with our exclusive festive offer. Get up to ₹15,000 off on WBCS ONLINE CLASSROOM PROGRAMME with coupon code Puja15K.

INDIA’S DIGITAL SOVEREIGNTY: MEANING, SIGNIFICANCE & CHALLENGES

India's digital sovereignty is a topic of debate, with discussions on data protection, privacy, and indigenous digital solutions. The India-UK FTA enables cross-border data flows, potentially paving the way for India to shift away from its stricter localisation requirements.

Description

Copyright infringement not intended

Picture Courtesy:  THE HINDU

Context

The recently signed India-United Kingdom Free Trade Agreement (FTA) has brought India's digital sovereignty into focus.  

What is Digital Sovereignty?

Digital sovereignty refers to the ability of a state, organization, or individual to independently control digital infrastructure, data, and decision-making processes within their jurisdiction. 

It includes the authority to dictate how data is collected, stored, processed, and transferred, independent of any external influence. 

How the concept of  digital sovereignty evolved in India?

Early Digitalization (1990s-2000s) => Focused on expanding internet penetration and establishing basic IT infrastructure. 

  • Policies were largely reactive, addressing issues as they arose, with limited foresight into the implications of global digital interconnectedness.

The Age of Data and Platforms (2010s) => With the introduction of smartphones, social media, and e-commerce, India became a digital consumer. 

  • The period highlighted vulnerabilities related to data localization, cross-border data flows, and the dominance of foreign digital platforms, prompted early decision making for greater national control.

Post-Jio Era & Digital India (Mid-2010s Onwards) => Reliance Jio and the 'Digital India' initiative accelerated digital adoption. 

  • Debates started around data protection, privacy, and the need for indigenous digital solutions, demanding a more proactive approach towards digital sovereignty. 
  • The Justice Srikrishna Committee Report (2018) on data protection advocated for data localization and stronger regulatory frameworks.

Historically, India has maintained a strong position and advocated sovereign rights in the digital domain. However, the recent India-UK FTA permits cross-border data flows, potentially setting a precedent for India to move away from stricter data localization requirements in future agreements. 

Key provisions related to the Digital sovereignty in India-United Kingdom FTA

  • Source code and algorithms => Prohibits the forced disclosure of source code as a precondition to market access. 
    • A shift from India's previous stance, which earlier asked access to source code for regulatory and security purposes.
  • Electronic contracts and authentication => Recognizes the legal equivalence of electronic contracts, signatures, and authentication with traditional formats, to reduce red tape and promote digital transactions.
  • Cooperation on emerging technologies => Both countries agree to cooperate on areas like artificial intelligence, cybersecurity, digital identity, and e-governance. 
  • Non-discrimination => Contain a provision that requires the non-discriminatory application of competition law. 
    • Concerns that this might be used by foreign technology companies to challenge India's regulatory efforts in the digital sector.
  • Transparency and consumer protection => Enforce laws against misleading, fraudulent, and unfair commercial practices that harm or could harm consumers. 

What is the Significance of Digital Sovereignty?

Geopolitical Tensions => Ongoing tech rivalry (eg. ChatGPT vs Deepseek) between global powers and the weaponization of digital tools (e.g., cyber warfare, disinformation campaigns) highlights the need for India to control its digital assets. 

Massive Data Breaches & Privacy Concerns => High-profile data breaches and data misuse by global tech giants highlights the need for comprehensive data protection laws and national control over sensitive information.

Supply Chain Vulnerabilities => Dependencies on foreign hardware and software components create vulnerabilities, mainly in sensitive sectors like defense, finance, and critical infrastructure.

Weaponization of Digital Platforms => Use of social media for propaganda, influence operations, and the spread of misinformation require greater national regulation of digital platforms.

What are the steps taken by India to strengthen its digital sovereignty?

Constitutional Provisions => Article 21 (Right to Life and Personal Liberty) has been interpreted by the Supreme Court to include the Right to Privacy (Puttaswamy judgment, 2017), foundation of data protection and individual control over digital identity, a core component of digital sovereignty.

Legal and regulatory framework

  • The Digital Personal Data Protection Act (DPDP Act) 2023 provides a framework for the processing of digital personal data, lawful, fair, and transparent usage. 
    • Introduced concepts like data fiduciaries and data principals, outlining their rights and responsibilities.
  • Data localization for sensitive personal data (SPD) and critical personal data (CPD). 
  • Intermediary Guidelines and Digital Media Ethics Code (2021) impose obligations on social media platforms to establish grievance redressal mechanisms and identify the first originator of unlawful messages.
  • Information Technology Act, 2000 and Rules provide the foundational legal framework for cybersecurity and data protection.
  • National Digital Communications Policy 2018 set strategic goals for the Information and Communications Technology (ICT) sector, including data protection and cybersecurity measures. 

IT Act 2000

  • It grants legal validity and enforceability to electronic records and digital signatures, making them equivalent to physical documents and handwritten signatures.
  • Promotes the use of electronic records in governmental operations.
  • Defines various cybercrimes, such as hacking, identity theft, and cyberterrorism, and prescribes penalties for such offenses.
  • Defines the roles and responsibilities of intermediaries, like Internet Service Providers (ISPs), online marketplaces, and social media platforms
  • Appointment of a Controller of Certifying Authorities (CCA) to regulate digital signatures and Certifying Authorities. 
  • Creation of the Indian Computer Emergency Response Team (CERT-In) for cybersecurity and incident response.
  • Establishes adjudicating officers to resolve disputes and a Cyber Regulations Appellate Tribunal to hear appeals related to its provisions. 

Technological self-reliance and innovation

  • Digital India Program aims to establish a secure digital infrastructure, delivering digital services, and ensuring universal digital literacy.
  • India Semiconductor Mission (ISM) focuses on building domestic capabilities in chip design, fabrication, assembly, and packaging.
  • Promoting indigenous platforms like Koo (an Indian microblogging platform) and BharatOS (a proposed mobile operating system) aim to reduce reliance on foreign digital platforms.
  • Investing in AI infrastructure (eg. India AI mission), coupled with private sector investments, to develop data centers.

IndiaAI Mission

Origin: Approved by the Union Cabinet in March 2024

Objective: Establishing a comprehensive and inclusive Artificial Intelligence (AI) ecosystem.

Budget: Rs. 10,300 crore for the next five years 

Implementation: Ministry of Electronics and Information Technology (MeitY). 

 Key objectives

  • Developing Indigenous AI Capabilities
  • Providing Startup Risk Capital
  • Ensuring Socially Impactful AI Projects
  • Promoting Ethical AI

What are the Challenges in Achieving Digital Sovereignty?

Global Nature of the Internet => Internet is borderless, making strict national control difficult. 

  • Over-localization can hinder global data flows essential for economic growth and research.
  • Example: Data flow restrictions delayed the research and COVID-19 vaccine development process. 

Technological Dependencies => India heavily relies on foreign hardware (e.g., semiconductors) and software (e.g., operating systems, cloud services) from global tech giants, creating significant supply chain vulnerabilities.

Balancing Control and Innovation => Strict regulations aimed at sovereignty might hinder innovation, deter foreign investment, and limit access to advanced global technologies.

Capacity Building => Investment in building indigenous R&D capabilities, developing skilled cybersecurity professionals, and establishing robust domestic digital infrastructure.

Enforcement Challenges => Enforcing national laws on global tech platforms operating across jurisdictions presents legal and logistical challenges.

Privacy vs Surveillance => Pursuit of national security and data control can sometimes conflict with individual privacy rights, raising concerns about state surveillance.

What are the way forward to protect digital sovereignty?

Strategic Data Governance  => Implement a comprehensive data protection law that balances national security, individual privacy, and economic growth.

  • Ensure data localization only for critical and sensitive data, while allowing responsible cross-border data flows.

Indigenous Technology Development => Investment in domestic R&D for critical technologies like semiconductors, quantum computing, AI, and cybersecurity solutions.  

  • Developing indigenous AI models and Large Language Models (LLMs) trained on Indian datasets in diverse Indian languages is crucial to ensure that AI reflects local context and benefits the population.

Cybersecurity Resilience =>  Establish a national-level cybersecurity task force.

Skill Development => Launch aggressive programs for training a large pool of cybersecurity experts, data scientists, and AI/ML engineers to meet the demands of the digital economy and security.

International Cooperation => Engage in multilateral and bilateral dialogues to establish global norms for cyberspace, to ensure a free, open, secure, and reliable internet. 

  • India can leverage its position in forums like the Quad, BRICS and G20.
  • Forming alliances with like-minded nations to develop common standards and approaches to digital governance.
  • India can learn from global best practices like the European Union's General Data Protection Regulation (GDPR), which applies to all forms of personal data; both digital and offline data.

Ethical AI and Digital Ethics => Develop ethical guidelines for the development and deployment of AI and other emerging technologies.

For Prelims: Right to Privacy l Digital Personal Data Protection Bill 2023 l Digital India Act | NATIONAL INTERNET EXCHANGE OF INDIA

For Mains: India's Data Centre Ambitions l Sovereign AI l Enhancing Governance Through Digital Transformation

Source: THE HINDU

PRACTICE QUESTION

Q. "Data is the new oil." In light of this statement, analyze the economic significance of data localization and digital sovereignty for India. 250 words

Frequently Asked Questions (FAQs)

It refers to the exploitation of a nation's data by powerful foreign tech entities without adequate control or economic benefit for the data-originating country.

India advocates for global data governance norms that respect national sovereignty and balance free data flow with national interests, making it a key foreign policy pillar.

Data localization ensures that sensitive data stays within national boundaries, allowing the domestic government to apply its laws and secure it effectively.

Free access to e-paper and WhatsApp updates

Let's Get In Touch!