Chapter 5. India

As the second most populous country in the world—and home to the second most Internet users as well—India plays a large factor in the discussion for big data going forward. Yet, despite its gigantic population, India is very much like China in that the size of its Internet-using population can only grow. While China has roughly half its population hooked up to the Web, less than a quarter of Indians have Internet access. This is, however, not cause for despair—just a few years ago, in 2010, India’s Internet penetration failed to break even 10% of its population. Like China, India’s economic growth means the growth of infrastructure, and with more of India’s population receiving Internet access, India will be a place to watch closely.

Article 21 of India’s Constitution serves as the primary legal basis for the data privacy law in India: “no person shall be deprived of his life or personal liberty except according to procedure established by law.” India’s Supreme Court recognizes the right to privacy as part of the right to life and personal liberty. This manifests itself in the Information Technology Act of 2000, which requires that corporations dealing with personal data implement security practices. Personal data is defined as any of the following: passwords; financial information; physical, mental, and psychological health condition; sexual orientation; medical records and history; biometric information. However, while many countries have similar acts, the specifics of the IT ACT and the IT Rules (2011) require that service vendors obtain written consent before they obtain personal data. Furthermore, movement and use of data to any party outside of India requires the receiving party to have at least the same level of security, as well as either a contractual agreement that requires the movement of the data or consent from the original data subject. This policy is far stricter than any data privacy policy in the United States, and companies outsourcing jobs to India or bringing business to India will have to be aware of the difference in policy. Some companies—notably Google—dislike the laws in India, finding them too harsh on data companies. Stricter data protection policy also encourages companies that already have stricter policies implemented to make the move into India. This specifically applies to EU companies moving into India; the European Commission already maintains strict data policies.

In many ways, the most important relationship US and EU companies have with India has been through outsourcing. The number of workers in India employed by US and EU companies, particularly in the IT services industry, is numerous, and these workers often receive significantly lower salaries as compared to their counterparts in the United States. The jobs outsourced to India are often lower-level IT jobs. With the rise of big data, the need for higher-level jobs—advanced data analytics, which requires significant training—is placing strain on not just the job market, but markets around the world. India, however, is aware of this demand. The Indian government is attempting to align itself with the data privacy laws of Europe; by aligning itself to EU standards, India will have the legal capacity to store and analyze sensitive and IP-protected data from Europe. Furthermore, online programs, schools, and existing companies are training qualified professionals. A huge advantage doing data-related business in India is the increasing pool of qualified, talented, and cheap labor.

India also has its own significant open data initiative. The culture of open data is teeming in India, with groups such as DataMeet drilling into the gold mine of big data. The government of India announced the National Data Sharing and Accessibility Policy (NDSAP) in 2012. The policy is an attempt to make transparent and accessible government data, all posted to http://data.gov.in, an open source portal. While NDSAP is a suggested policy, however, it is not mandatory. As such, not all sectors and branches of Indian government participate, and not all the data is easily readable or consistent. India’s lack of infrastructure in many places makes it difficult to collect, store, or process data.

India’s main focus for the past few years has been on providing a friendly climate for outsourcing, but its near future will see an increasingly important consumer market for data. Policies will conform to European standards in order to have access to European records where necessary, but it’s unclear whether India’s policies for its own citizens will follow this model or succumb to political exigencies and encourage governmental intrusion along the model of China. Although the most speech-restrictive elements of the Information Technology Act were struck down by India’s Supreme Court, the law still provides the government with warrantless access to databases.