Recent reports suggest that there are more than 500 million internet users in India currently. But only 38.5% of the population has access to the internet. The number of users is second only to China, which has 731 million internet users (52% have internet access). The US, with 312 million internet users is the third in the rankings, but about 80% of the population has access to the internet. Every person with a digital footprint is a source of all manner of data – where they go, what they eat, how they shop, how much they spend on what…everything one does is grist to the data mill. Data, modern wisdom has it, is the new oil. And India has a lot of data, with much more expected to be added to the mines as more and more people get online. How we deal with this ‘resource’ will determine our place at the international table in the near future. It is time to pay serious attention to issues of data protection and localisation.As things stand, data collected from individuals is owned and manipulated by the companies that collect it (such as Google, Apple, Facebook, and Amazon – the much vaunted GAFA oligopoly – and others such as ride sharing, food delivery, grocery apps, etc ). A lot of such privately held data can be used for governance and policy purposes. For instance, data from ride-sharing companies such as Uber and mapping tools such as Google Maps can provide key insights into how people in cities travel, and help develop solutions for making travel easier. But since the data is owned by a private company, policy makers and researchers have no access to it. However, this kind of personal data can also be used as a tool for surveillance and monitoring purposes, if not effectively regulated. It is here that strong data protection and localisation laws can help. Creating a responsible set of rules regarding mining, owning, sharing, and ­processing of such data can help regulate this incredible resource, use it better, and protect the privacy of citizens as well.While large technology companies have often argued that steps such as data localisation would restrict free trade and that cross-border data flows are vital for a modern economy, it is incumbent on governments to prioritise the security and safety of their citizens’ data over the profit margins of large multinational companies. The Srikrishna Committee Report on data protection and the RBI guidelines for fintech firms requiring them to store data of Indian citizens in the country are steps in the right direction, but a lot more needs to be done in terms of protection and localisation if India is to use the resource of data effectively in the future.