SUMMARY
Although the October 15 data localisation deadline is nearing, payment companies are not operationally ready to comply with the order
At a scheduled meeting with the finance minister, the executives of these companies are looking to understand the government's stance
The companies are trying a last-minute push with the finance minister since they couldn't convince the RBI to push back the deadline
A consortium of global payment companies is expected to meet finance minister Arun Jaitley today (October 5) to seek an extension from the government on the October 15 deadline for data localisation, according to reports. They will also seek the government’s help to get the Reserve Bank of India (RBI) to relax its “rigid” stance of on its April order, which mandates payments companies to store all their data relating to Indian users on a server in India.
The consortium is said to include payment companies such as Visa, Mastercard, and Paypal, along with industry associations such as the US-India Strategic Partnership Forum (USISPF). Representatives of companies such as Google, Facebook, and Amazon are also expected to join the delegation.
According to reports, the payment companies have a two-fold demand. They are:
- Seeking more time to comply with the data localisation norms
- Seeking relaxation of the order that mandates storage of data within the country
In April, the RBI had asked all payment system operators in the country to store data relating to their Indian customers locally to ensure that user details remain secure in case of privacy breaches. Payment companies have been given time until October 15 to comply with these guidelines.
The meeting is the last shot for these companies to get their requests accepted after they couldn’t convince the RBI to defer the deadline.
Payment Companies: Data Localisation Or Data Mirroring?
With just 10 days to go, the payment companies are stuck in a difficult situation as they’re not operationally ready to comply with the data localisation order.
At this scheduled meeting with the finance minister, the payment company executives are expected to discuss how difficult it is for them to implement the order. They will also seek to gauge the government’s stance on the matter. The companies had expected the RBI to be more consultative, a report cited sources as saying.
The companies claimed there has been no communication or clarification from the RBI on the matter. They added that no guidelines or FAQs have been issued either.
During their attempts to get the deadline extended or get the norms eased, discussions also surfaced on data mirroring (meaning that a copy of data stored internationally be saved in India as well). Even if the companies are able to get the RBI’s and government’s support on data mirroring, they would still need an extension till December at least to comply with the norm.
The idea of data mirroring was also highlighted in Srikrishna Committee’s Draft Data Protection Bill, which proposes that Internet and payments companies store a copy of all personal data of Indian users locally. It has also recommended that critical personal data — to be defined by the government — be stored only in India, a provision that has sparked concern among global firms.
The payment companies are hoping to leverage this recommendation to convince the government to get the banking regulator to change its stoic stance on the matter.
Paytm, Google, Alibaba Support Data Localisation
Meanwhile, even as the debate on data localisation continues, some stakeholders of the payments industry are taking the government’s side.
The group of companies supporting data localisation includes Alibaba, Paytm, Google, Microsoft, Xiaomi, and VMW, among others. Recently, Alibaba Cloud president Simon Hu said that the company was keen on data localisation in every country to promote data security.
Recently, in a letter to the top executives of the Internet and Mobile Association of India (IAMAI) and the Payments Council of India (PCI), Paytm said, “This is the moment for us to support our nation and promote ‘Data Sovereignty’ over ‘Data Monopolisation’, which is possible through data localisation.”
Earlier, reports surfaced that global search giant Google has agreed to abide by all the RBI requirements, but has sought around two months extra to comply with the guidelines. In a media interaction, Google CEO Sundar Pichai also pitched in for a free flow of cross-border data on the Internet, emphasising on security and privacy of users.
If the payment companies fail to get the deadline extended, many of them may have to halt their operations in India till such time as they can comply with the data localisation mandate. It must be noted that these companies control more than 900 Mn credit/debit cards in India.
With the meeting scheduled to be held today, the stance of the finance ministry on the matter is much awaited.
[The development was reported by ET.]
