SUMMARY
• Addressing the TRAI recommendations, Paytm COO said it supports the move to identify the user as the ultimate owner of their data
• The payment system companies had been given six months to comply with the data localisation norms
• Paytm said mirroring of data is not the solution and many countries have disallowed companies from doing so
As the deadline for Data Protection Act nears, the uproar in the Indian economy has been increasing. After Telecom Regulatory Authority of India (TRAI) introduced its recommendations for data protection, the issues around data localisation have now come to light again.
The digital payment company Paytm has urged the government to push for storage of customer data within the country and not allow mirroring of the data overseas.
Kiran Vasireddy, chief operating officer at Paytm said, “On the data storage bit, obviously we believe that it should be stored locally. The moment data leaves the country, it falls under various jurisdictions, which in many cases, are beyond our control. It is important to keep all the data here so that the laws of the land can be made applicable to them.”
Addressing the TRAI recommendations, Vasireddy said it supports the move to identify the user as the ultimate owner of their data while every other player in the ecosystem is only a custodian.
He also emphasised that Google rejected 55% of the government’s requests for data as a strong point of proof for the government to push for storage of data locally.
Paytm further said mirroring of data is not the solution and many countries have disallowed companies from doing so.
“The ideal thing is to see whether data can be stored in India itself. It is not majorly a cost issue and for all these large players, the cost will be negligible. It is more to do with intent,” said Vasireddy.
In April, the Reserve Bank of India (RBI) had asked all payment system operators in the country to store data relating to their customers in India to ensure that user details remain secure in case of privacy breaches.
The development came in line with reports claiming that Cambridge Analytica harvested the profiles of up to 50 Mn Facebook users without their approval during the last US elections, privacy advocates in India, as well as the government itself, have raised concerns that a similar breach could happen here to target voter opinion.
Later, it was revealed that data of over 87 Mn users was shared with Cambridge Analytica. Recently, Facebook Chief Mark Zuckerberg made the revelation that 562K people in India were ‘potentially affected’ by this global data leak crisis.
The payment system companies had been given six months to comply with the new norms. According to the RBI, at present, only a handful of payment system operators in India and their outsourcing partners store user data, either partially or completely.
RBI said that the payment ecosystem in India had “expanded considerably”, making it necessary to ensure “the safety and security” of data with data localisation.
Recently, in a June 2018 meeting with RBI officials and executives from payment companies, the finance ministry suggested that a possible solution could be that companies would be allowed to store their data offshore, as long as a copy was kept in India.
The directive by RBI received the support of players like Paytm, Google and Microsoft, while the Internet & Mobile Association of India (IAMAI) said that app makers were already heavily regulated under the IT Act.
Also, a white paper by the Srikrishna committee had examined the data localisation mandate saying that it could help protect the rights of users and prevent foreign surveillance.
As global players identify India as a high-growth market and place bets on the economy, data concerns can be a huge hindrance to the country’s growth.
[The development was reported by ET.]
