The RBI on April 6, mandated all payment companies — global and local — to set up data storage facilities within India by October. This decision has split the Indian digital payments industry putting on stage different views. As per an ET report, an industry grouping has termed the decision as “heavy-handed” and is planning to send a formal representation to the regulator highlighting its concerns.
“What RBI is doing is heavy-handedness. A regulator should not bring about such fundamental changes without consultation with a cross section of affected parties,” said Subho Ray, president of Internet and Mobile Association of India (IAMAI) in a media statement.
The IAMAI is further looking for more data replication solutions rather than restricting the data inside the country, as in any case data is kept in multiple locations, in order to have backup data centres.
As Inc42 reported earlier, the companies have been given six months to comply with the newly-released norms. According to the RBI, currently, only a certain percentage of payment system operators and their outsourcing partners store the user data within the country, either partially or completely.
The RBI in its notification stated, “While the digital payments ecosystem has grown in India, it needed ‘unfettered supervisory access’ to transaction data to ensure better monitoring of the payment ecosystem. The only exception it gave was for foreign transactions, where the data generated overseas could be stored outside India.”
These are tough times particularly for the foreign entities like Google, Amazon and WhatsApp, who have recently launched their payment apps in the country. Most recently, a Factor daily report quoted that Facebook is also vying to enter the Indian digital payments space and has rolled out a beta version on its messenger.
Companies like MasterCard are also in the state of schism. “In processing transactions, MasterCard’s network only receives the card account number, the merchant name and location, the date and the total amount of the transaction. MasterCard does not have any insights on what the cardholder is buying. We intend to work with the Reserve Bank of India to discuss the details of the directive as part of our ongoing dialogue around payments and data practices with governments, regulators and policy makers across the globe,” said Porush Singh, divisional president of MasterCard for South Asia to ET.
The RBI’s decision has however been supported by Paytm, Microsoft and a few others.
What Makes RBI To Pull In Gears Here?
The decision came in the wake of the recent Cambridge Analytica-Facebook fiasco, where the data of 87 Mn global Facebook users was said to be breached and was alleged to be used to reach voters on social media with personalised messages during Trump’s campaign in the US.
The ongoing Supreme Court hearings on Aadhaar data privacy and data leakage issues have also been impacted by the Cambridge Analytica-Facebook row. As the 2019 elections are approaching in India, the authorities are concerned if Aadhaar can also lead to a similar data breach. However, UIDAI has defended Aadhaar by stating that they don’t have data analysis tools like its western counterparts and Aadhaar is more a matching algorithm.
In line with this, the local digital payments major Paytm has been aggressively putting out its views on taking stringent measures to protect the data of the Indian citizens. “We, as a country, cannot allow misuse of data. Companies have an unprecedented amount of data on consumers. But the debate that who owns that data has only one answer — customer owns that data and no one else should be allowed to own it, be it company or government,” said Vijay shekhar Sharma, the founder and CEO of Paytm in an earlier media statement.
Also, in a recent statement, Paytm stated that India requires stricter data privacy laws to prevent free movement of user details across the border, especially by global companies that have entered the country’s digital payments space in the recent times.
“We are not a third world country with respect to digital issues, we do not need western companies to come in with superior technology per say and solve payments for us. These players are into digital payments not because they want to solve payment problems in India. They are here because (for them payments) data is the missing point in the puzzle right now,” said Kiran Vasireddy, Chief Operating Officer at Paytm.
Why So Much Fuss Over Data And The Local Storage?
The digital payments sector is projected to reach $500 Bn by 2020, contributing 15% of India’s GDP, as per a recent report by Google and Boston Consulting Group. A report by Credit Suisse predicts that the market, which is currently worth around $200 Bn, is expected to grow five-fold to reach $1 Tn by 2023.
The growing adoption of UPI and mobile wallets is further making the Indian digital payments an attractive segment for the foreign players. According to the RBI, in January 2018, transactions worth $2 Tn (INR 131.95 Tn) were carried out on mobile wallets. Further, UPI clocked 171.4 Mn transactions in February. This is a 13.5% increase from the previous month, according to the data released by the National Payments Corporation of India (NPCI).
Also, the Indian smartphone user base is currently projected to be 300 Mn and is further expected to grow by more than 50%.
In such a scenario, data is the ultimate key to win over the Indian users and provide them with personalised experiences. So what sort of data the digital payment companies are collecting? Here is a snapshot from Google Tez’s ‘Terms of Service’ agreement (yes.. The same which a majority of us never take a pain to read before checking the ‘agree’ box).
Also, a debate in India is on whether Aadhar should be mandatorily linked to all digital payment services, bank accounts and mobile numbers or not. A golden opportunity for the digital payments giants to further get access to Indian citizens biometric data, in the near future. The recent incident where Robert Elliot hacked the Aadhar data and posted snippets on twitter is something which cannot be ignored and leaves us with the question that why nothing like this can happen in future.
The situation can become more grim for the local digital payment companies in India like Paytm, MobiKwik, PhonePe, amongst others as all are operating majorly on external funding. While Paytm has sold its major stakes to investors like Alibaba and Softbank, PhonePe’s future looks dicey as parent Flipkart seems willing to surrender to global retail giant Walmart.
However, if the RBI continues with its decision, this can significantly affect companies like Google and Amazon who are trying to pull in gears in the Indianhyperlocal and online grocery segment as well. This will also increase their cost of operations as majorly all global companies have their data stored at centralised data servers.
Considering the debacle that the world is facing today in terms of data issues, the stress on data protection highlights the pivotal role of technology in our daily lives. We are living today in a world where technology has sweeped in to touch every aspect of our lives and this makes protecting our data even more crucial. . By forcing global payment giants to store data locally, how far the RBI and the Indian authorities can go in their data protection movement, is something only time could tell.