SUMMARY
The regulations by the RBI are expected to affect companies such as Mastercard, American Express, Amazon, etc
RBI had set October 15 as the compliance deadline for payment companies
Paytm has urged the government to push for storage of customer data within the country and not allow mirroring of the data overseas
Bank regulation authority, the Reserve Bank of India (RBI) has asked the payment companies to submit their fortnightly updates on the progress made on storing data in India, as told by Visa group country manager (India and South Asia) TR Ramachandran in a media statement.
“They (RBI) have asked us for fortnightly updates on the progress, which was there as part of the circular itself,” Ramachandran said on the sidelines of the US-India Business Council’s India Ideas Summit held in Mumbai on September 5.
The central bank in a meeting on April 6 asked payment systems operating in the country to store local data related to payments in India. The RBI circular had set October 15 as the compliance deadline for payment companies, however, nothing related to fortnightly updates was mentioned in the circular.
The direction by the RBI, that asked payment operators to store data within India, is aimed to ensure that user details remain secure against privacy breaches. Also, the payment system companies were given a time of six months to comply with the norms.
According to Ramachandran, many payment companies have informed the central bank that they will be requiring more time, owing to the complexity of the issue.
“I think industry associations have made their presentations. Different companies have different technology architectures. The reality is, we also have to keep data privacy and security, and all those things in mind. There is a complex infrastructure”, Ramachandran said.
Inc42 earlier reported that digital payments company such as Paytm has urged the government to push for storage of customer data within the country, and not allow mirroring of the data overseas. Paytm maintains that mirroring of data is not the solution, and many countries have disallowed companies from doing so.
Data Localisation Becoming Mandatory
The furore over data leak started after the Cambridge Analytica incident that allegedly harvested the profiles of over 85 Mn Facebook users, without taking any approval, during the last US elections.
Following this, Facebook Chief Mark Zuckerberg had made a revelation that 5.62 Lakh people in India were ‘potentially affected’ by this global data leak crisis. 335 people in India were directly affected by an app installation, another 562,120 people were potentially affected as friends of those users.
Since then, the India government has also mandated data localisation and has already taken several steps to ensure data protection. Below are the recent developments that have taken place to ensure data localisation —
- Chinese smartphone maker Xiaomi has announced to migrate local data to India cloud infrastructure of Amazon Web Services (AWS) and Microsoft Azure.
- The draft Personal Data Protection Bill, 2018, submitted by Justice Sri Krishna Committee, also emphasised on the concept of data localisation.
- Telecom regulatory TRAI earlier recommended taking appropriate steps to protect user privacy vis-a-vis these entities, since all user data passes through telecoms and devices.
- Niti Aayog CEO Amitabh Kant earlier said that an enormous amount of data being generated in India throws a massive opportunity for startups in the country.
The Central Bank had first reported the issue of data localisation during the monetary policy discussion, which took place in April 2018. RBI said, “ensuring the safety and security of payment systems data by adoption of the best global standards and their continuous monitoring and surveillance is essential to reduce the risks from data breaches.”
[The development was reported by Livemint]
