SMRITI PARSHEERA, PRATEEK JHA
Access to cross-border data for the state’s law-and-order-related functions is an integral piece of the law enforcement puzzle. State agencies’ ability to access data for such purposes is, however, shaped not only by domestic laws and practices but also by the laws of other countries and the state’s international commitments. In the case of India, the use of international cooperation mechanisms to balance efficient data access with protections for citizens’ privacy remains a relatively underexplored facet of its digital strategy. With its growing digital market, economic relevance for large global businesses, and strategic relationships with countries like the United States and those in the European Union (EU), India is well placed to not merely participate in but rather to lead the discussions on international data agreements on behalf of the developing world.
This paper evaluates India’s present mechanisms for data access by law enforcement authorities and existing arrangements for cross-border data access. It also analyzes the emerging global movement toward direct data access arrangements. Such arrangements authorize agencies in one jurisdiction to make direct data requests to service providers based in another jurisdiction. The Clarifying Lawful Overseas Use of Data (CLOUD) Act in the United States is an example of a legislative instrument that allows the United States to enter into executive agreements of this nature. Similar discussions are also underway in Europe under the European Commission’s e-evidence proposal involving its twenty-seven member countries and among the sixty-five states that are party to the Budapest Convention on Cyber Crimes. To date, India has not taken any concrete steps to evaluate the pros and cons of such arrangements. Neither has it paid serious regard to the critical and interconnected issue of reforming its domestic framework on lawful data access to ensure adherence with the fundamental right to privacy.