RBI sticks with plans to force to store data locally
The deadline for the companies to adhere is October 15. The directive is part of a wider push by India to ask companies to store more of their data locally at a time when governments globally are enforcing more stringent rules to protect user data
The Reserve Bank of India will implement in full its directive that forces global payment companies to store data locally from this month, four sources told Reuters, a blow to the firms who had lobbied to dilute the measure. The central bank in April said all payments data should within six months be stored only in the country for “unfettered supervisory access.”
The deadline for the companies to adhere is October 15. The directive is part of a wider push by India to ask companies to store more of their data locally at a time when governments globally are enforcing more stringent rules to protect user data.
However, the global payments companies fear the new rules would increase their infrastructure costs, hit their global fraud detection analytic platforms and affect planned investments in the country at a time when more and more Indians are using digital modes of payments.
Firms such as Mastercard, Visa and American Express have in recent months met with Indian policymakers, including Finance Minister Arun Jaitley, to push for an extension of the RBI’s deadline.
They also repeatedly sought dilution of the RBI directive, requesting that they be allowed to store data both locally and at their offshore offices, a practice widely known as ‘data mirroring’.
But in a meeting between RBI officials and U.S. payment companies in Mumbai on Wednesday, central bank officials said the industry will need to store all their data only within the country, as per its April directive, and said data mirroring will not be allowed, four sources aware of the discussions said.
“They specifically said no mirroring, the meeting was bad (for the industry), it’s pretty clear,” said one of the industry sources.
The RBI also conveyed in the meeting it was not willing to extend the deadline for compliance to the directive, the sources said. The RBI did not immediately respond to a request for comment. Mastercard, Visa and American Express also did not respond.
Government sources have previously told Reuters that stringent data localisation measures were essential for gaining easier access to data during investigations.
Whatsapp has built a system to store its payment data locally, the company said on Tuesday. The Facebook-owned messenger had begun testing its payments service in India and is keen to deepen its reach. It was easier for companies such as Whatsapp, which have a relatively smaller-scale payments platform in India, to comply with the central bank directive, but the bigger payment firms will need more time, one of the sources said.
“The bigger companies will have to change a lot of things such as setting up servers and replicating payment processing tools,” the source said. Another source, who works at a multinational payment company, said moving and storing its data only in India would take at least 12-18 months.