Finance Ministry Proposes RBI’s Data Localisation Directive Be Relaxed

After the RBI’s directive to payment system operators in the country to store data within India, the finance ministry has now proposed relaxing the directive.

Reports have surfaced that in a meeting held in June with RBI officials and executives from payment companies, the finance ministry suggested that a possible solution could be that companies would be allowed to store their data offshore, as long as a copy was kept in India.

Since the RBI issued the directive, companies have been opposing the apex bank’s restriction on storing data overseas and have been lobbying that the directive be revoked.

The finance ministry also proposed that the RBI issue a clarification on the kind of data that needs to be stored in India and the time given to companies implement the directive.

The meeting in June was chaired by the government’s economic affairs secretary Subhash Chandra Garg and attended by other ministry and RBI officials, as well as executives from companies such as MasterCard, Visa, and American Express.

At the meeting, RBI executive director S Ganesh Kumar said that the bank had been approached about the companies’ concerns and was in the process of issuing a circular to clarify the rules.

Suggestions made at the meeting would be helpful in deciding the matter, Kumar said.

In the beginning, RBI had resisted the lobbying asking companies to comply instead of complaining.

The industry has raised its concerns mainly over restricting data storage to India, a lack of clarity on the type of data that needed to be stored and the timeline to implement the rules.

During the June meeting, representatives from US lobby group US-India Business Council (USIBC) said that storing the data only in India would be a security risk, as in the event of a natural disaster no-one would have access to it if it was all stored in one place.

The representatives added that only after understanding the kind of data that needed to be stored would they be able to estimate the time needed to set up the necessary infrastructure.

At present, Global payment firms currently store and process Indian transactions outside the country.

The payment system companies had been given six months to comply with the newly-released norms. According to the RBI, currently, only a certain percentage of payment system operators and their outsourcing partners store the user data within the country, either partially or completely.

The development came in line with reports claiming that Cambridge Analytica harvested the profiles of up to 50 Mn Facebook users without their approval during the last US elections, privacy advocates in India, as well as the government itself, have raised concerns that a similar breach could happen here to target voter opinion.

Later, it was revealed that data of over 87 Mn users was shared with Cambridge Analytica. Recently, Facebook Chief Mark Zuckerberg made the revelation that 562K people in India were ‘potentially affected’ by this global data leak crisis.

In April, RBI said that the payment ecosystem in India had “expanded considerably”, making it necessary to ensure “the safety and security” of data.

The directive by RBI received the support of players like Paytm, Google and Microsoft, while the Internet & Mobile Association of India (IAMAI) said that app makers were already heavily regulated under the IT Act.

Also, a white paper by the Srikrishna committee had examined the data localisation mandate saying that it could help protect rights of users and prevent foreign surveillance.

However, it also emphasised that a localisation mandate will have its costs for companies as servers and data centres will have to be put in place, adding “economy-wide data localisation requirements have led to a negative impact on GDP in several countries where such requirements have been considered”.

The data localisation mandate was introduced in view of increasing data breaches across the world and in India. The move by the finance ministry to relax the norms is likely to brew trouble in such a scenario.

[The development was reported by Reuters.]

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.