Interrogating India’s quest for data sovereignty


back to issue

IN February 2019, the Government of India released the Draft National E-Commerce Policy, which claimed among other things that ‘the increasing importance of data warrants treating it at par with other resources on which a country would have sovereign right. It is said that data is the new oil.’1

Political and business leaders ranging from Prime Minister Narendra Modi to industrialists Mukesh Ambani and Nandan Nilekani have made claims of sovereign control over the amorphous category of ‘data’ and declarations of its economic potential as a natural resource. Such claims are also increasingly reflected in legal and policy developments in India ranging from WTO negotiations to data protection legislation, particularly the Personal Data Protection Bill, 2019.

These developments are of tremendous social and political consequence resulting as they are in the creation of pervasive new standards and architectures for the operation of the internet, and accordingly, for India’s increasingly networked society. These developments mark an important break from India’s historical approach towards internet governance; moreover, they are heavily influenced by concerns of trade and security with significant implications for various stakeholders who assert claims and interests over the internet and over the kind of ‘data’ they seek to control. As a result, it is imperative that both the historical development of this trend and its implications for India’s law and policy are interrogated. This article explores the history of ‘data sovereignty’ debates in their geopolitical context as well as its roots in Indian policy and law. I argue that the recent claims of data sovereignty by the Indian government attempt to reconfigure power and control over the information society through the central government while leaving out other valid conceptions or imaginations of data governance.

There is a long history of competing claims and assertions of ‘sovereignty’ or control over the internet and, more recently, over ‘data’. While concerns of sovereignty – asserting power or control over some domain – have long been primarily driven by governments and state actors, the technical architectures and historical development of the internet did and continue to present challenges to unambiguous assertions of state-sovereign authority over information flows.

The internet has long held an exceptional status vis-a-vis assertions over the jurisdiction and control over the network’s infrastructure, and particularly over its information flows, owing as much to its fundamental technical structure as to its historical development. The peculiar position of the internet has resulted in a number of other stakeholders asserting both functional and legal control over it. Consider, for example, the international multi-stakeholder organizations which develop the technical specifications, standards and protocols for network and data flows, such as the Internet Engineering Task Force (IETF) or the International Corporation for Assigned Names and Numbers (ICANN) which have deeply influenced the structure and governance of the internet. As Julie Cohen notes, these reflect emergent networked ‘legal-institutional’ structures of governance, which appear to ‘operate according to their own rules in ways influenced by states but not controlled by them.’2


These legal-institutional actors and structures have been embedded in and influenced by dominant geopolitical concerns of trade and security. The evolving paradigms and politics of economic globalization, in particular, have deeply influenced the governance of the internet and of information flows. Many of the institutions and norms for the governance of the internet developed as an expansion of the idea of standardized rules for international commerce, mirroring the development of ‘lex mercatoria’, which governed trade routes and maritime navigation. International organizations such as the WTO, responsible for the administration of these legal norms embedded in treaties like the General Agreements on Trade in Services, and particularly the treaty on Trade Related Aspects of Intellectual Property Rights became intrinsic to the governance of rights in networks and information flows. Historically driven by OECD countries, the USA in particular, these institutions and norms sought to repurpose the internet as a vehicle for securing their economic interests and political values. These norms also found purchase in the recently liberalized Indian economy, which was undergoing ‘structural adjustment’ to integrate with the globalized economy.


This situation produced norms which strengthened trans-border intellectual property protection in information (such as copyright protection in digital works), while establishing norms encouraging the ‘free flow’ of information as integral to the growth of the network. In May 1998, for example, the WTO adopted a ‘moratorium’ on customs duties for electronic trans-missions, which denuded the authority of national governments to tax trans-border e-commerce transactions.3 Similarly, the emergence of bilateral and multilateral free trade agreements like the Trans Pacific Partnership or the Regional Comprehensive Economic Partnership have attempted to entrench the power of large technology firms and industrialized Asia-Pacific nations, through specific ‘data free flow’ obligations and assurances against allowing governments access to the source code of algorithmic systems which employ data analytics capabilities. Binding trade obligations like these have been compounded by the nature of international taxation regimes for e-commerce, which have allowed dominant digital platforms to evade fair taxation.4


The hold of ‘data’ and the networked information economy over economic globalization has radically developed since these norms first evolved. In recent decades, a new form of ‘informational capitalism’ has emerged where ‘data’ or information created or abstracted from material forms of labour or capital is considered a factor of economic production, distinct from intellectual property laws. The rise of ‘big data’ and the algorithmic creation of ‘artificial intelligence’ have increasing economic value and seemingly limitless economic potential. Consequently, this scenario has driven the urge for the ‘datafication’ of all aspects of social life and experience, and the commodification of data generated as an input for economic production.

Datafication has been accompanied by the emergence of ‘platforms’ as the dominant technical and economic framework for networked transactions. These platforms, which intermediate much of the internet, are largely operated by private, for-profit and multinational corporations including Google, Facebook, Microsoft, Amazon and Apple, each of which assert increasing dominance over different realms of our digital lives – from search, social networking to traditional ‘e-commerce’ and operating systems and software. The emergence and transnational dominance of platforms was abetted by prevailing institutional norms that prioritized uninhibited data flows. In the regulatory void of trans-national data flows, platforms have become the dominant institutional actors shaping the norms of data collection and use in a globalized information economy.

The accumulation of political and economic power by these multinational firms has been likened by Frank Pasquale to a form of ‘functional’ sovereignty – displacing strictly territorial state-sovereign power and control over the internet and shaping the rules that govern online data flows.5 The central role of platforms in intermediating data flows and shaping network behaviour has, until recently, gone unnoticed by policymakers around the world, with market regulators and courts unable to comprehend or respond to the transformative role that network intermediation and accumulation of data plays in shaping markets, within legal frameworks like competition law.


Some scholars have suggested that claims of ‘information sovereignty’ have emerged in response to, and as a counter to, the dominant or hegemonic ideal of ‘free flow’ of data and information and the ‘freedom to connect’, driven by states and platforms, and particularly by ‘Silicon Valley’ and US trade and foreign policy. Certainly, historical evidence of assertions of ‘information sovereignty’, such as those in China and Russia, support the theory that both foreign and domestic internet and data governance policies in these countries have been driven by considerations of national security and trade protectionism, establishing greater restrictions on trans-border data flow as a means of asserting ‘sovereignty’ over the internet (or their internet). The emergence of the platform economy and informational capitalism as an economic structure has compounded these anxieties of governments and state agents in their assertion of technological sovereignty and ‘data sovereignty’ over the internet.6


The history of the internet and digital policy and laws in India indicate to some degree the concerns and anxieties about the state’s role in the facilitation or governance of network access and data flow. The earliest attempt to regulate the internet, the Information Technology Act of 2000, explicitly addressed the need to facilitate transnational e-commerce through the standardization of legal and technical frameworks for the internet, with reference to the prevailing norms of standardized international e-commerce framed under the UNCITRAL. Subsequently, a series of amendments to the IT Act in 2008 were testament to the increasingly consequential social and political role played by the internet and online information, with the Government of India attempting to regulate online expressions primarily as a reaction to national concerns about unlawful or undesirable online expression.

More recent policy developments, however, are directly responding to the emergence of global informational capitalism and the platform economy. The language of the draft e-commerce policy signaled an emerging and urgent trend towards re-conceptualizing ‘data’ as a material resource for producing economic value, as well as the necessity of government interventions for ensuring that data flows are in line with state security or economic policy. The Economic Survey of India, 2018-19, dedicated an entire chapter outlining how data must be treated as a public good for social welfare, envisioning government-controlled platforms for processing and utilizing data as raw material for the generation of economic value, a sentiment also echoed in the March 2020 Draft Strategy for National Open Digital Ecosystems released. The Government of India has attempted to create the legal basis for this vision through mandates for data localization (the requirement that data be stored in servers within Indian territory) within various sector-specific regulations (like those of the Reserve Bank of India requiring payments companies to store data locally), as well as in the pending Personal Data Protection Bill. The current version of the PDP Bill also gives the central government a carte blanche to acquire any data not categorized as ‘personal data’, similar to claims of the ‘eminent domain’ of a nation state over land or natural resources within its territory.


Trade policy has similarly reflected concerns about trade sovereignty and economic self-sufficiency affected by data flows. FDI Press Note 2 of 2018, for instance, created new rules for the operation of ‘e-commerce’ platforms with primarily foreign investment, as a protectionist measure for domestic retail and e-commerce firms who have been affected by the dominance of platforms like Amazon. Similarly, India, along with other global South countries is attempting to renegotiate the WTO moratorium on customs duties on electronic transmissions. In March 2020, the government introduced an ‘equalization levy’, or an indirect tax for foreign platforms operating in India in an effort to balance the scales of global e-commerce, after similar attempts since at least 2016, including the use of data localization mandates to create a legal fiction for taxation of international flows of data by Indian tax authorities. The equalization levy has primarily been directed towards dominant platforms like Google and Amazon, earning it the moniker of ‘Google tax’.


Claims to data sovereignty have not received much judicial interrogation with the legal basis for laying jurisdictional claim or control over information being largely foregrounded in considerations of private international law and judicial comity or reciprocity. However, while no consistent standard for asserting legal jurisdiction appears to have developed in India, Indian courts have not shied from asserting an almost ‘universal’ jurisdiction over data flows and online transactions occurring or connected with India. In the recent case of Ramdev v Facebook, for example, the Delhi High Court asserted the extra-territorial applicability of Indian defamation law stating ‘The material/information having originated from India, courts in India would have jurisdiction to direct removal of the same.’7

India has, in the past, strongly pushed for technological sovereignty and the preservation of the government’s rights to use technology for securing valuable social and economic goals, for example, in the negotiations for government use of patents and compulsory licensing under the TRIPS.8 Recent policy and legislative developments appear to have paved the way for the Government of India to lay claim to ‘Indian data’ and data flows for the purpose of executing a vision for a centrally planned data economy. Undoubtedly, this presents one alternative to the neoliberal economic order produced by the current ‘legal-institutional’ frameworks governing data flows, which encourage the extractive logic of informational capitalism driven by digital platforms. Criticisms of data sovereignty, which attack the ‘balkanization’ of the internet, tend to ignore the social and political imbalances produced by these dominant geopolitical orders, as well as the state’s obligation and central role in securing economic and social justice.


However, the metaphor of ‘data as oil’ can only be stretched so far. Likening data to a material resource to be primed for the extraction of economic value ignores the violent politics and history behind competing claims to natural resources like oil which also encompass community rights to land and livelihoods and risks becoming a violent enterprise of its own. The emerging policies of laying absolute claims to data by the government ignores a multiplicity of rights and interests in all forms of data, claimed either by individuals, such as privacy and decisional autonomy; or by communities – including economic rights or group rights against discrimination. Subsuming this multiplicity of claims, rights and interests over data within one notion of state-sovereignty risks undermining such rights in much the same manner as dominant platforms currently do.9

The Government of India’s policies do not reflect a vision of social and economic justice beyond the claims to control and power over data, limiting the discourse on privacy to a myopic vision of ‘data security’. India’s current approach towards ‘data sovereignty’ ignores the multiple possibilities of political organization in data governance. Even accepting the primary organizational role of the state, these policies and laws exhibit tendencies of centralization of power over data and the internet without the democratic involvement of communities in the manner in which data is governed. Alternative imaginaries remain unexplored, including organizing platform cooperatives, or forms of data stewardship organized around local self-governance, such as Barcelona’s Decentralised Citizens Owned Data Ecosystem. Similarly, the Government of India has not been proactive in ensuring structural interventions in markets for dismantling the extraordinary market power of big technology firms, for example, through tools offered by the Competition Act.


Among the public responses to the draft e-commerce policy, mostly by lobbying groups and corporate federations, was the submission of the Bengaluru Jilla Beedhi Vyapari Sanghatnegala Okkuta, an association of street vendor unions from Bengaluru.10 In its submission, the federation echoed concerns about the Government of India asserting sovereignty over data and likening it to mines, arguing that the history of mines was a history of the violent displacement of community rights and self-determination, and asking for the government to evolve a framework which allows communities to both control and benefit from economically valuable data. Taking this sentiment forward, as argued by Yarimar Bonilla, perhaps we must ‘unsettle’ the framework of ‘sovereignty’ itself, and examine whether it reproduces the violent and inequitable geopolitical order that the notion of ‘data sovereignty’ wants to respond to.11



1. Draft E-Commerce Policy, Department for the Promotion of Industry and Internal Trade, 23 February 2019.

2. Julie Cohen, Between Truth and Power: The Legal Constructions of Informational Capitalism. Oxford University Press, 2019.

3. Declaration on Global Electronic Commerce, Second Ministerial Conference of the World Trade Organization, May 1998.

4. Arthur J. Cokefield, ‘Tax Wars: How to End the Conflict over Taxing Global Digital Commerce’, Berkeley Business Law Journal 17, 2020.

5.Frank Pasquale, ‘Digital Capitalism: How to Tame the Digital Juggernauts’, WISO Direct, 2018.

6. Michael Jablonski and Shawn M. Powers, The Real Cyber War: The Political Economy of Internet Freedom. University of Illinois Press, 2015.

7. Delhi High Court, CS (OS) 27/2019.

8. Jayashree Watal, ‘Patents: An Indian Perspective’, in The Making of the TRIPS Agreement. World Trade Organization, 2015.

9. Linnet Taylor, ‘What is Data Justice? The Case for Connecting Digital Rights and Freedoms Globally’, Big Data & Society, 2017.

10. Translation of the submissions on draft Ecommerce Policy made by Bengaluru Jilla Beedhi Vyapari Sanghatnegala Okkuta.

11. Yarimar Bonilla, ‘Unsettling Soverei-gnty’, Cultural Anthropology 32(3), 2017, pp. 330-339.