SUMMARY
14 members of the RCEP opposed data localisation
RBI mandated entire data relating to payment systems stored only in India
No issue related to data transfers has been settled yet at RCEP
Amid the ongoing negotiations of the proposed Regional Comprehensive Economic Partnership (RCEP) trade agreement, India has proposed to locate computing facilities inside the country for security and protect national interests.
According to a media report, India said that only where it is a matter of legitimate public policy objective or necessary for protecting “security interests or national interests,” the participating countries may prevent the cross-border transfer of most pieces of information by electronic means, including personal information.
In the financial services chapter of the Association of Southeast Asian Nations (ASEAN) agreement in Vietnam, India agreed that financial services companies will be allowed to move and store data of Indians abroad last month.
Yet on Friday, India came up with the new proposal to locate computing facilities inside the country on the ASEAN Package. While New Delhi supported data localisation, 14 members of the 16-country RCEP, including ASEAN, opposed data localisation.
India’s proposal for data localisation is crucial as one of the April 2018 notifications of Reserve Bank of India (RBI) mandated system providers to ensure that the entire data relating to payment systems operated by them are stored in a system only in India. Furthermore, RBI clarified that a copy of domestic data can be stored abroad in the case of cross-border transactions.
In yesterday’s proposal, India also said, “no party shall have recourse to dispute settlement for any matter relating to electronic commerce arising under any of the chapters/ any provision in this agreement”.
An official told ET that till now no issue has been settled including those related to data transfers. “ASEAN has moved a compromise proposal that is being discussed,” he added.
The Indian government has taken an uncompromising stand on the country’s data sovereignty till now. The draft data protection bill from July 2018 remains under consultation with the central government and the ministry of electronics and information technology (MeitY).
Earlier, the commerce and industry ministry had demanded strict data localisation norms. But since the MeitY is working on the Personal Data Protection Bill, it becomes the nodal agency for all data-related matters.
