Data embassies may only be allowed to store non-personal information
A senior govt official says MeitY plans to draft a separate Policy for Data Embassies, instead of including it in Digital Personal Data Protection Bill, 2022
 "data protection bill")
premium
Photo: Bloomberg
The government likely to allow only non-personal datasets to be stored in data embassies — the physical data centres of trusted nations which enjoy diplomatic immunity from local laws — as part of an upcoming policy, sources said.
A senior government official said the Ministry of Electronics and Information Technology (MeitY) plans to draft a separate policy for data embassies, instead of including it in the Digital Personal Data Protection Bill, 2022.
Non-personal data refers to any dataset that does not contain information that can be used to identify an individual. These datasets could be consumer shopping trends, vehicle registration figures, tax collection information, etc.
The development comes days after Finance Minister Nirmala Sitharaman, while presenting the Budget for 2023-24, said the government would facilitate the setting up of data embassies at Gujarat International Finance Tec-City International Financial Services Centre. They will be for nations looking for digital continuity solutions.
A data embassy refers to server resources owned and maintained by a nation-state outside its territorial boundaries, according to its own laws. The idea is to ensure the normal functioning of a state and its digital services in case of situations like a cyberattack or a natural disaster.
“Data embassies will be safe zones to store data for friendly nations without any interference from local laws. This will be beneficial for countries wanting to diversify locations of their data storage without losing jurisdictional control over it. But we believe it should only include non-personal data,” the official said on the condition of anonymity. He added the policy will bring new opportunities for Indian companies and investments in setting up data centres and digital infrastructure management.
However, experts say the nature of data stored in a data embassy generally remains in the control of the source country. “According to the concept of a data embassy, countries that want to offshore their critical national infrastructure will decide what data or their national asset they want to protect outside their territory,” a data security expert said.
The Vienna Convention on Diplomatic Relations, 1961, grants diplomatic agents safe passage and freedom of travel in a foreign land and protection from local lawsuits and prosecution. Such benefits largely depend on the principle of reciprocity of the privileges. Similarly, the data stored in data embassies is governed based on trust in reciprocity with the laws of the foreign country.
A senior government official said the Ministry of Electronics and Information Technology (MeitY) plans to draft a separate policy for data embassies, instead of including it in the Digital Personal Data Protection Bill, 2022.
Non-personal data refers to any dataset that does not contain information that can be used to identify an individual. These datasets could be consumer shopping trends, vehicle registration figures, tax collection information, etc.
The development comes days after Finance Minister Nirmala Sitharaman, while presenting the Budget for 2023-24, said the government would facilitate the setting up of data embassies at Gujarat International Finance Tec-City International Financial Services Centre. They will be for nations looking for digital continuity solutions.
A data embassy refers to server resources owned and maintained by a nation-state outside its territorial boundaries, according to its own laws. The idea is to ensure the normal functioning of a state and its digital services in case of situations like a cyberattack or a natural disaster.
“Data embassies will be safe zones to store data for friendly nations without any interference from local laws. This will be beneficial for countries wanting to diversify locations of their data storage without losing jurisdictional control over it. But we believe it should only include non-personal data,” the official said on the condition of anonymity. He added the policy will bring new opportunities for Indian companies and investments in setting up data centres and digital infrastructure management.
However, experts say the nature of data stored in a data embassy generally remains in the control of the source country. “According to the concept of a data embassy, countries that want to offshore their critical national infrastructure will decide what data or their national asset they want to protect outside their territory,” a data security expert said.
The Vienna Convention on Diplomatic Relations, 1961, grants diplomatic agents safe passage and freedom of travel in a foreign land and protection from local lawsuits and prosecution. Such benefits largely depend on the principle of reciprocity of the privileges. Similarly, the data stored in data embassies is governed based on trust in reciprocity with the laws of the foreign country.