With the ban on some 220 Chinese apps, India may have protected its sovereignty and integrity from prying Chinese eyes. But authorities, however, don’t seem to have a clue in protecting the country’s data from Chinese investors, who continue to invest in Indian apps and unicorns and gain access to data of users, who are predominantly Indian citizens. Besides the agreements between the investors and the apps are not in public forums for analysts to study it.

While the government did see the threat from the Chinese apps, it does not see any from investors from China accessing data of Indian consumers from their Indian partners. It is high time the government answer this question: Should the government continue to allow Chinese investors in Indian unicorns without adequate norms for protecting Indian users’ data?

During 2016-19, Chinese investments in Indian start-ups have grown 12 times. An India Today report listed the Alibaba Group’s strategic investments in Indian unicorns, starting from Big Basket ($250 million), Paytm.com ($400 million), Paytm Mall ($150 million), Zomato ($200 million) to Snapdeal ($700 million). Tencent, the other Chinese company, has invested in Indian firms like Byju’s ($50 million), Flipkart ($300 million), Hike Messenger ($150 million), Ola ($500 million) and Swiggy ($500 million). The investment from China seems to have fallen in 2020 following changes in the foreign direct investment rules that made prior government approval mandatory for investments from countries that share a land border with India. The Alibaba Group is among those hit by the new norms and is unlikely to sign fresh deals to fund Indian companies.

A recent Indian Express report said a Shenzen-based tech company with links to the Chinese government and Chinese Communist Party is monitoring 10,000 individuals and organisations including key decision-makers like the Prime Minister, Chief of Defence Staff among others.

Given the ban on apps because they were a threat to security, the government is yet to formulate full-fledged data security norms. Cyberlaw expert Pavan Duggal, who spoke to APN, said, “Chinese apps like Tiktok, Shareit were a great threat to Indian data because these apps, compared to other apps, were asking for a lot of permissions. They were generating and collecting a lot of personal data of users and sending them to servers in China which could be analysed using artificial intelligence and machine learning.”

“Any and every server anywhere is vulnerable to a potential data breach. But servers in China are highly vulnerable as China has a national cybersecurity law from 2017 and under this law, any information to servers, systems located within China could be automatically accessed or shared with the Chinese government. Hence, data on Chinese servers is not at all safe,” -Duggal

“On the other hand, India does not have any law on data protection. The Personal Data Protection Bill, 2019 is pending for consideration of the joint parliamentary committee. As far as data is concerned, India is a leaking ecosystem,” he said.

Economist Akash Jindal said India needs to curb Chinese investment because it’s a threat to national security. When asked about the economic impact of curbing Chinese FDI, he said if we are able to market ourselves well, we would be in a position to solicit the same FDI from other countries. 

On the security implications of a potential data breach in apps/companies associated with Chinese investors, defence expert PK Sehgal said not only does India need to ban apps linked to China, but “we also need to ban companies like Tencent, Alibaba who are stealing our data”. The moment India does it, other countries will follow, he said.

Talking about modern warfare, he said predictability plays an important role in warfare and data can help to predict the enemy, hence, security implications of a data breach are manifold. Data help to carry out psycho-analysis of important personalities and how leaders are going to react in a certain situation, he said. Sehgal emphasised on the need to take cyber warfare more seriously.

“India needs to secure data as the Chinese are in a position to create chaos and mayhem in India. Through the use of artificial intelligence, China can refine data and can impact India’s financial sector, railways, power grid. Before a single bullet is fired, there may be chaos and mayhem in India,” he added.

He emphasised on the use of information, misinformation, disinformation, propaganda as the tools of modern war. Last year, an Army Jawan was honey-trapped via social media and ended up sharing confidential information with Pakistani agencies. When asked about the laws/guidelines for defence personnel using apps, Sehgal added the Defence Ministry has very clear instructions that defence personnel are not supposed to have these apps, but it is tough to monitor each Jawan. Jawans are the most vulnerable for a potential honey trap, Sehgal said.

Given this situation, India needs to come up with a clear and cogent policy to deal with data localisation and specific guidelines so that the data has to be dedicatedly protected, otherwise Chinese investors could impact Indian security, sovereignty and integrity.