Companies in a cleft as data sharing gets difficult: Policy experts 

The data sharing depends on whether the Parliament of the country authorises the government to access such data.

As more countries formulate their own data protection laws, companies are struggling to manage government data requests for security reasons. Such sticky situations for companies are only going to worsen in coming days, as per legal and policy experts.

Such situations are likely to persist as more countries pass data protection laws unique to their territory, which restrict the open flow of information, Pranesh Prakash, Principal Consultant at Anekaanta Advisory and Co-founder of the Centre for Internet and Society told businessline.

Recently, the Central Board of Indirect Taxes & Customs (CBIC) trying to get European Airlines’ passenger data in February and the Securities and Exchange Board of India (SEBI) tried to access WhatsApp and Telegram conversations to curb unauthorised financial advices, but to no avail.

“This problem will exist and actually only get worse. Right now, companies deal with this by seeing which option exposes them to the higher amount of risk. If the risk is worth taking, given the benefits that they can get in terms of new customers and new revenue, they’ll take a calculated risk. However, in many cases, it’s just raw power that rules the field rather than any calculated principle on interpreting these difficulties,” said Prakash.

Meanwhile, Vivan Sharan, Partner at Koan Advisory Group, said that government requests to access company data are quite common. For example, there can be informal requests for sales data, supply chain data, etc. However, he said that it is not a simple question of jurisdictional catch-22. The data sharing depends on whether the Parliament of the country authorises the government to access such data. For example, in the US, the Patriot Act and Clarifying Lawful Overseas Use of Data (CLOUD) Act, allow the government to access data of US companies based in other countries.

“This is a question of administrative hygiene when it comes to respecting commercial operations and private property. For instance, organised datasets are protected by the prevailing copyright regime, many commercial data sets are of the nature of trade secrets, and so on,” said Sharan.

Need for new treaties

Media reports have also show how data localisation is becoming an important point in bilateral trade between countries as well. According to Arindrajit Basu, researcher and policy consultant, until recently, much of the world’s data was stored in the US. Countries like India, felt that the need for data localisation to access such data. Basu said that this is where the catch-22 situation for companies as well as data localisation argument stems from.

“The solution to this is to have smooth treaties that do two things: harmonise laws to the extent possible and ensure a clean and efficient data sharing mechanism,” he said.

Basu described this as a mutual legal assistance treaty between countries that allow the sharing of data. However, such treaties are unfair to countries like India who don’t actually host the data but require it for legitimate investigation purposes.

“So you need fairer data sharing treaties between countries to the extent possible to prevent the situation that companies would be in now. Currently, companies could deal with this situation would be on a case-by-case basis,” said Basu.

Published on April 9, 2025