Copyright infringement not intended

Picture Courtesy:  THE HINDU

Context

The recently signed India-United Kingdom Free Trade Agreement (FTA) has brought India's digital sovereignty into focus.  

What is Digital Sovereignty?

Digital sovereignty refers to the ability of a state, organization, or individual to independently control digital infrastructure, data, and decision-making processes within their jurisdiction. 

It includes the authority to dictate how data is collected, stored, processed, and transferred, independent of any external influence. 

How the concept of  digital sovereignty evolved in India?

Early Digitalization (1990s-2000s) => Focused on expanding internet penetration and establishing basic IT infrastructure. 

• Policies were largely reactive, addressing issues as they arose, with limited foresight into the implications of global digital interconnectedness.

The Age of Data and Platforms (2010s) => With the introduction of smartphones, social media, and e-commerce, India became a digital consumer. 

• The period highlighted vulnerabilities related to data localization, cross-border data flows, and the dominance of foreign digital platforms, prompted early decision making for greater national control.

Post-Jio Era & Digital India (Mid-2010s Onwards) => Reliance Jio and the 'Digital India' initiative accelerated digital adoption. 

• Debates started around data protection, privacy, and the need for indigenous digital solutions, demanding a more proactive approach towards digital sovereignty. 
• The Justice Srikrishna Committee Report (2018) on data protection advocated for data localization and stronger regulatory frameworks.

Historically, India has maintained a strong position and advocated sovereign rights in the digital domain. However, the recent India-UK FTA permits cross-border data flows, potentially setting a precedent for India to move away from stricter data localization requirements in future agreements. 

What is the Significance of Digital Sovereignty?

Geopolitical Tensions => Ongoing tech rivalry (eg. ChatGPT vs Deepseek) between global powers and the weaponization of digital tools (e.g., cyber warfare, disinformation campaigns) highlights the need for India to control its digital assets. 

Massive Data Breaches & Privacy Concerns => High-profile data breaches and data misuse by global tech giants highlights the need for comprehensive data protection laws and national control over sensitive information.

• The world’s largest-ever data breach, exposing 16 billion passwords tied to tech giants like Apple, Facebook, and Google, has raised concerns about cyber vulnerabilities.

Supply Chain Vulnerabilities => Dependencies on foreign hardware and software components create vulnerabilities, mainly in sensitive sectors like defense, finance, and critical infrastructure.

• In 2022, the USA discovered Rogue communication devices found in some Chinese solar power inverters.
• The U.S. government has implemented export controls on advanced AI chips to certain countries, mainly China and Russia, due to national security concerns.

Weaponization of Digital Platforms => Use of social media for propaganda, influence operations, and the spread of misinformation require greater national regulation of digital platforms.

• The National Investigation Agency (NIA) investigations revealed that social media platforms like Facebook, WhatsApp, and Telegram are used by ISIS to propagate its ideology, recruit new members, and coordinate activities.

What are the steps taken by India to strengthen its digital sovereignty?

Constitutional Provisions => Article 21 (Right to Life and Personal Liberty) has been interpreted by the Supreme Court to include the Right to Privacy (Puttaswamy judgment, 2017), foundation of data protection and individual control over digital identity, a core component of digital sovereignty.

Legal and regulatory framework

• The Digital Personal Data Protection Act (DPDP Act) 2023 provides a framework for the processing of digital personal data, lawful, fair, and transparent usage. 
• Introduced concepts like data fiduciaries and data principals, outlining their rights and responsibilities.
• Data localization for sensitive personal data (SPD) and critical personal data (CPD). 
• Intermediary Guidelines and Digital Media Ethics Code (2021) impose obligations on social media platforms to establish grievance redressal mechanisms and identify the first originator of unlawful messages.
• Information Technology Act, 2000 and Rules provide the foundational legal framework for cybersecurity and data protection.
• National Digital Communications Policy 2018 set strategic goals for the Information and Communications Technology (ICT) sector, including data protection and cybersecurity measures. 

Technological self-reliance and innovation

• Digital India Program aims to establish a secure digital infrastructure, delivering digital services, and ensuring universal digital literacy.
• India Semiconductor Mission (ISM) focuses on building domestic capabilities in chip design, fabrication, assembly, and packaging.
• Promoting indigenous platforms like Koo (an Indian microblogging platform) and BharatOS (a proposed mobile operating system) aim to reduce reliance on foreign digital platforms.
• Investing in AI infrastructure (eg. India AI mission), coupled with private sector investments, to develop data centers.

What are the Challenges in Achieving Digital Sovereignty?

Global Nature of the Internet => Internet is borderless, making strict national control difficult. 

• Over-localization can hinder global data flows essential for economic growth and research.
• Example: Data flow restrictions delayed the research and COVID-19 vaccine development process. 

Technological Dependencies => India heavily relies on foreign hardware (e.g., semiconductors) and software (e.g., operating systems, cloud services) from global tech giants, creating significant supply chain vulnerabilities.

• India currently imports over 95% of its chip needs from China, Taiwan, South Korea, and Singapore

Balancing Control and Innovation => Strict regulations aimed at sovereignty might hinder innovation, deter foreign investment, and limit access to advanced global technologies.

Capacity Building => Investment in building indigenous R&D capabilities, developing skilled cybersecurity professionals, and establishing robust domestic digital infrastructure.

• The National Skill Development Corporation (NSDC) study indicates the demand-supply gap of skilled workers; demand for skilled workers at 103 million, while the current supply stands at just 74 million.   

Enforcement Challenges => Enforcing national laws on global tech platforms operating across jurisdictions presents legal and logistical challenges.

Privacy vs Surveillance => Pursuit of national security and data control can sometimes conflict with individual privacy rights, raising concerns about state surveillance.

• In Anuradha Bhasin vs Union of India (2020) case, the Supreme Court established that any restrictions on internet access must be proportionate, necessary, and temporary. 
• The court underlined the need for explanation for government decisions affecting digital rights.
• Recommended regular parliamentary oversight of surveillance powers and activities to ensure transparency and accountability.

What are the way forward to protect digital sovereignty?

Strategic Data Governance  => Implement a comprehensive data protection law that balances national security, individual privacy, and economic growth.

• Ensure data localization only for critical and sensitive data, while allowing responsible cross-border data flows.

Indigenous Technology Development => Investment in domestic R&D for critical technologies like semiconductors, quantum computing, AI, and cybersecurity solutions.  

• Developing indigenous AI models and Large Language Models (LLMs) trained on Indian datasets in diverse Indian languages is crucial to ensure that AI reflects local context and benefits the population.

Cybersecurity Resilience =>  Establish a national-level cybersecurity task force.

• Invest in cybersecurity research and development, develop indigenous tools, and boost the capabilities of organizations like National Critical Information Infrastructure Protection Centre (NCIIPC).

Skill Development => Launch aggressive programs for training a large pool of cybersecurity experts, data scientists, and AI/ML engineers to meet the demands of the digital economy and security.

• IndiaAI FutureSkills focuses on expanding AI education at all academic levels and establishing Data and AI Labs in Tier 2 and Tier 3 cities.
• Pradhan Mantri Kaushal Vikas Yojana (PMKVY) 4.0 introduces "Future Skills" job roles to prepare youth for opportunities in emerging technologies like AI and ML.

International Cooperation => Engage in multilateral and bilateral dialogues to establish global norms for cyberspace, to ensure a free, open, secure, and reliable internet. 

• India can leverage its position in forums like the Quad, BRICS and G20.
• Forming alliances with like-minded nations to develop common standards and approaches to digital governance.
• India can learn from global best practices like the European Union's General Data Protection Regulation (GDPR), which applies to all forms of personal data; both digital and offline data.

Ethical AI and Digital Ethics => Develop ethical guidelines for the development and deployment of AI and other emerging technologies.

Source: THE HINDU