Mastercard is looking to comply with Reserve Bank of India’s data localisation norms and has already begun removing data of Indian users stored in overseas servers. This process is expected to be completed by the end of this year.
According to a report by Business Standard, the company has been in compliance with the data localisation norms since October 2018, as transaction data of the Indian users are being stored in local servers only.
This development comes right after Mastercard said that it will invest $1 Bn in India over the course of the next five years. Earlier this month, the company said that it will be building its first data processing centre outside in India which will cost around $350 Mn.
The centre, which is in accordance with the Indian government’s data localisation policy, is expected to be fully functional in the next 18 months. The company claims the centre will provide employment to 1,000 people.
RBI’s Push For Localisation Of Payments Data In India
The central bank’s directive mandated all the digital payments company to store the user data locally in Indian servers. This data must include the full end-to-end transaction details/information collected/carried/processed as part of the message/payment instruction.
While certain companies such as Alibaba, Paytm, Google, Microsoft, Xiaomi, and VMW, among others had voiced their opinions in support of the norm, some of the US companies including Visa and Mastercard had demanded 12 months extension to comply with the RBI directive on data localisation.
Facebook-owned messaging app WhatsApp is also facing issues in launching its payment service WhatsApp Pay in India due to the localisation directive. The company might take up to five months to comply with the country’s data localisation norms to launch its payments service
India’s data localisation stance has been criticised by foreign players and the governments. Most recently in May. the US government said that it believes that India lacks the required infrastructure to be able to save its companies’ data, during bilateral talks.
Last year, the European Union (EU) expressed its concerns over the data protection bill and the localisation mandate. Bruno Gencarelli, the head of the International Data Flows and Protection Unit at the European Commission (EC) had said that the data localisation requirements are unnecessary and potentially harmful. It could also create unnecessary costs, difficulties, and uncertainties that could hamper business and investments.