[Ed Note: The following post is part of the TLF Editorial Board Test 2020-21. It has been authored by Manasvin Andra, a fourth year student of NALSAR University of Law.]
Data localisation laws have been on the rise in recent years. Since Edward Snowden’s revelations regarding the National Security Agency’s PRISM program, states have begun associating informational security with the need to retain data within their territories. The list of countries insisting on data localisation is long, including Brazil, Germany, Russia and South Korea. India is also on the path to adopting localisation norms, primarily through the revised Personal Data Protection Bill, 2019.
While localisation has spurred intense discussion regarding its utility, a key theme has been the discussion surrounding the potential emergence of a ‘splinternet’. This refers to the idea of an internet that is broken into national and regional pieces, which is the product of the enforcement of territorial barriers over the internet as opposed to permitting free cross-border movement of data. The increasing prevalence of data localisation has raised fears that it might lead to the “Balkanization of the Internet”, in the process stripping the Internet of its attribute as being a place of free exchange of information and ideas.
The consequences of the breakup of the internet have cast a spotlight on data localisation and have spurred debates about how data is to be treated. Loosely, this debate has given rise to two distinct schools of thought, where solutions to the splinternet turn on the question of whether data is to be treated in a sui generis or ordinary manner. This post will attempt to outline the two areas as a way of introducing the debate surrounding the splinternet. Subsequently, a practical solution to the splinternet will be discussed, though this does not touch upon the normative debates regarding the nature of data.
Treating Data ‘Exceptionally’
As data continues to occupy an outsized role in modern life, the challenges that it presents to traditional notions of law have become ever more complex and contradictory. In response, some scholars have posited solutions that directly confront the uniqueness of data – by making the case for sui generis laws to be evolved which treat data as a unique entity. This is based on the view that the splinternet can be avoided if a separate framework is evolved for treating data, which can then be adopted on a global basis.
In the quest to formulate new principles, data scholars have rejected the territoriality principle, by arguing first, that presuming territorial jurisdiction as the default standard is unjustified, and second, that data-related disputes exacerbate the pre-existing issues associated with this doctrine. Here, territoriality is the assumption that states have exclusive authority to deal with issues arising within their territories. As a result, the argument of scholars in this group proceeds on the need for a different basis for determining jurisdiction, and various criteria have been prescribed in this regard. While solutions ranging from multilateral treaties to the evolution of common norms have been proposed, consensus on treating data as an exceptional commodity has received a muted response, given the difficulty involved in determining a course of action once it is agreed that data ought to be treated ‘exceptionally’.
The Realist Response
While proposals for treating data differently have an intuitive appeal, some scholars have pushed back against data ‘exceptionalism’ by reemphasizing the utility of existing legal frameworks. Here, the argument is that the splinternet already exists in a diluted form, and it is suggested that the way forward is about placating states’ concerns regarding data (by treating it as a regular commodity) than about formulating new and imprecise rules.
The starting point of this view is that the territoriality principle continues to hold despite the diffuse nature of data, since courts’ jurisdiction relates largely to data’s physical location, the domicile of the data controller and the citizenship of the victim and offender. Proponents of this school – which can loosely be described as realism – argue that this perspective offers an established toolkit to adjudicate data-related disputes, while allowing states to refrain from engaging in the contentious process of evolving new laws. To this end, data is described as a commodity with unexceptional features, sharing its key attributes – such as intangibility, mobility and divisibility – with instruments such as stocks and bonds. This being the case, it is argued that it would be premature to consider data as a novel commodity, at least before an attempt is made to treat it through existing frameworks.
Further, the solution proposed is that courts continue to exercise control over servers when they are physically stored within the country, while dipping into conflict of laws jurisprudence when the location of the data is outside the borders. Since the principle underlying conflict jurisprudence is an evaluation of competing state interests, realist scholars believe that this branch of law fosters a collaborative atmosphere between judiciaries in different states. The idea is that data ought to be treated as a regular commodity, which avoids the need to examine its nature and clears the path towards workable solutions.
A Practical Solution
While academia continues to debate the nature of data, courts have generally been inconsistent in their approaches to the subject. In the absence of broad consensus regarding the commodity, evolving uniform principles has been a complicated exercise for judicial institutions across the world.
Given that data has had a significant impact on economy and polity, a solution that has garnered increasing support in recent times is the revival of the system of Mutual Legal Assistance Treaties [‘MLATs’]. It is suggested that MLATs allow states to build on the idea of global cooperation between law enforcement agencies and provide for collaborative solutions that are required to address concerns surrounding the splinternet. The reasoning behind such treaties is that enhancing ease of access to data takes away the primary incentive for data localisation, as states can access data quickly without requiring companies to store it within the territory. However, such a system also poses serious issues of accountability, which complicate matters for the proponents of the MLAT solution.
Firstly, states seek to obtain as much data as possible about their citizens, which could pose problems relating to privacy and human rights. An MLAT will have to be drafted with safeguards to prevent this issue, which requires the inclusion of civil society in the negotiating process. Secondly, given the reach of Silicon Valley companies, a disproportionate number of requests are directed towards the US government. The prospect of engaging with the US Dept. of Justice will likely prove to be a sticking point for several countries, which might take away the effectiveness of an MLAT. Finally, the current process for requesting data is cumbersome, though it must be kept in mind that this is the precise issue which reform proposals are aiming to overcome.
While alternatives like MLAT ‘workarounds’ (such as direct requests for data under the recipient state’s laws) have been proposed, MLATs – combined with collaboration between sovereigns – remain the best chance of preventing the emergence of the splinternet. The debates regarding the nature of data are significant in terms of evolving judicial principles, but a solution is needed in the short term to prevent balkanisation of the internet. To this end, it is submitted that securing easy access to data for states without localisation norms forms an important step, which can be achieved through the MLAT process.