Data storage issue may hit services of foreign credit card companies
15 Oct 2018
Holders of credit cards with labels like Facebook, Mastercard, Visa, American Express, PayPal, Amazon and Microsoft could get affected if these companies fail to comply with a Reserve Bank of India (RBI) requirement that they store financial data collected in Indian within the borders.
With the exception of WhatsApp, most foreign financial technology firms have not complied with the RBI directive and instead are seeking relaxation in the rules or at least postponement of deadline.
WhatsApp, which is testing its payment service in India said last week that it has developed a system to store data locally, a move that is likely to put pressure on companies like Google and Amazon to follow suit.
RBI said it will not relax the 15 October deadline for global financial technology (fintech ) companies to comply with its data localisation norms in the public interest.
The financial tech companies like Mastercard, Visa, American Express, Amazon etc have big credit card presence in this country, but they continue to store data of Indian customers in servers in the US even six months after the central bank’s directive in April to store transaction data of Indian customers within India.
However, the US wants regulatory regimes in all countries to serve its interests and is arguing for a free flow of financial information of private citizens across the globe – a move by the US to bring financial discipline across nations.
"We want to have prohibitions on data localisation to ensure free flow of information, free flow of data across borders, disciplines around countries requiring companies to give up their source code, permanent ban on taxation or duties on digital transmissions,"Dennis Shea, Deputy US Trade Representative and US Ambassador to the WTO, told a Washington audience on Friday.
RBI had, in April, said in order to ensure better monitoring of payment service operators it is important to have “unfettered supervisory access to data stored with these system providers as also with their service providers/ intermediaries/third party vendors and other entities in the payment ecosystem”.
"All system providers shall ensure that the entire data relating to payment systems operated by them are stored in a system only in India," it had said. The RBI further said data should include the full end-to-end transaction details, information collected/carried/ processed as part of the message/payment instruction.
Data localisation requires data about residents be collected, processed, and stored inside the country, often before being transferred internationally, and usually transferred only after meeting local privacy or data protection laws.
While local companies have welcomed RBI’s guidelines, global companies that fear an increase in their expenses instead proposed to provide mirror data instead of original data, which the RBI rejected.
Further, the deadline issued by Reserve Bank of India’s (RBI's) to financial institutions to store data locally would end on October 15.
WhatsApp, which is testing its payment service in India said last week that it has developed a system to store data locally, a move that is likely to put pressure on companies like Google and Amazon to follow suit.
While foreign players are looking at the payments platform as a means to drive growth in India, with more than 20 official scripts in India, they face the task of evolving a language-compatibility technology in India.