To avoid “disadvantages”, Google relies on “narrowly tailored” data localization

Local storage requirements should be “tailored as narrowly as possible” to minimize the “disadvantages” and optimize for some very specific legitimate needs, a top Google executive said.

Keith Enright, Google’s chief privacy officer, said virtually at a select media meeting on Wednesday that in his experience, data localization requirements don’t typically help in some of the key areas they’re designed to serve, such as: B. economic gain and preventing access to data by another government or bad actors and providing data to law enforcement agencies.

Google isn’t the only one who seems to have reservations about local storage requirements, a key part of India’s proposed privacy framework. Under India’s pending privacy law, major tech companies are required to store a copy of certain sensitive personal data in India, and the export of undefined “critical” personal data out of the country is prohibited. Last month, Rob Sherman, vice president and assistant privacy officer at Facebook parent company Meta, said the requirement could make it “difficult” for the company to offer its services in the country.

🚨 Limited time offer | Express Premium with Ad-Lite for only 2 Rs/day 👉🏽 Click here to login 🚨

Responding to a question from The Indian Express about the data localization standards proposed in the country’s draft privacy law, Enright said governments are fighting over local storage requirements to protect data they deem sensitive, prevent access by other governments or bad actors, and to guarantee access to local law enforcement agencies, and in the hope that such locally stored data will have some economic benefit. “None of these areas have actually been significantly advanced by data localization requirements. The massively parallelized nature of the web, the way the cloud has evolved has been optimized for security, availability and efficiency. Data localization is retreating from these benefits and risking disrupting a globally distributed cloud,” said Enright.

“Many aspects of the internet that people don’t expect, enjoy, and rely on require data movement across international jurisdictions to work reliably. We must come together as a global privacy community to ensure we can provide strong privacy protections and clear rules so products and services can operate the way people expect,” Enright said. “Now this is getting harder and harder as we see privacy laws evolving and spreading around the world. While there are certainly some common themes, given the speed and frequency of legislative activity surrounding data protection, we face an increasing risk of disparate regulations that cannot be modeled consistently, which can make compliance exceptionally challenging for a global organization .”

In response to another question from The Indian Express about the IT Department’s recent proposal to “encourage” big tech companies to share non-personal or anonymized data with a government-appointed committee to share with the nation’s startups, Enright urged that governments around the world should do so “cautiously” as the space is still developing.

“When we talk about steps that need to be taken to provide start-ups in India with the tools and resources to innovate, our interests couldn’t be better aligned. Google benefits when more people use the Internet. As for the specific question of making large anonymous datasets available to fuel innovation, I think that because of uncertainty and inconsistency over time, it’s complicated what is persistently anonymous data and how to make those datasets available in a secure way and privately,” Enright said. “I urge caution before governments anywhere in the world enact sweeping mandates that require the data to be shared in any particular form, simply because our understanding of the security of sharing different types of data in different ways is evolving.”

Sybil Alvarez

"Incurable gamer. Infuriatingly humble coffee specialist. Professional music advocate."

Leave a Reply

Your email address will not be published.