In view of growing national security concerns and implementation challenges posed by the current draft of the data protection bill, there is a need for a robust data sovereignty framework in India, said a top executive from Esri India.
Speaking at a roundtable on data policy organised by think tank CKS, Agendra Kumar, MD of Esri India, pointed out that the proposed data protection legislation, open for stakeholder feedback, lacks clarity for private organisations.
“If that bill comes in the current form, it will not be easy to implement,” he said. While Kumar did not elaborate on all his concerns, he stressed that ambiguities in the bill could hinder compliance, particularly for businesses handling sensitive data.
National security and data control
Highlighting the geopolitical dimension of data governance, Kumar referenced the 1990s debate on globalisation and self-reliance. “If we had followed the idea of complete dependency on foreign capabilities, India would not be where it is today,” he said.
With India poised to become the world’s third-largest economy, he argued that competition, rather than collaboration, will define international relations.
Data, he noted, is a critical asset in modern warfare and cybersecurity.
“Without data, you cannot strike with precision. You need accurate, current data and the ability to manage it within the country,” he said. He called for a unified framework to consolidate and regulate access to data, particularly for defence and critical infrastructure.
Kumar expressed concerns over unchecked data outflow, citing everyday digital interactions. “Anytime you watch a YouTube video, your data is going out. When you visit certain websites or chatbots, they address you by name—everyone is carrying your data,” he said.
He admitted to avoiding some AI chatbots due to uncertainty over how collected data might be used.
The rise of mobile devices, while beneficial, has “increased security challenges manifold,” he said. India must strike a balance between technological adoption and data protection, ensuring that sensitive information does not leave the country without oversight.
Data retention and management
Another key issue Kumar raised was the lack of clear guidelines on data retention. “There is no clarity on how long we should keep data. For each type of data, there should be a defined timeline,” he said.
Unnecessary data accumulation not only complicates storage and searchability but also increases vulnerability to breaches.
Kumar underscored the need to safeguard not just defence systems but also financial, energy and telecommunication networks.
“We need the right processes, technology and skilled personnel to act swiftly in securing our critical IT infrastructure,” he said. A resilient data ecosystem, he argued, is essential for India’s economic stability and strategic autonomy.
As India advances in innovation and intellectual property creation, Kumar urged the government to adopt a coherent data sovereignty policy—one that balances security, privacy, and economic growth without stifling technological progress.
