Mastercard, the global card payments giant, on Tuesday, said that it has started to store its new Indian transactions data locally since it has started complying with a regulatory directive which US companies unsuccessfully lobbied hard to dilute.
The Indian central bank in April said that companies such as Mastercard, Visa, and American Express will have to store their payments data “only in India” from October onwards so that the regulator could have “unfettered supervisory access”.
This directive sparked a series of aggressive lobbying effort from the US companies which considered that the rules will end up increasing their infrastructure costs and also hit their global fraud detection platforms in addition to affecting their planned investments in India wherein more and more digital modes of payments are being used by the people. The companies tried to seek dilution of the central bank directive, and requested them to be allowed to store data both locally as well as at their offshore offices, which is a widely known practice known as “data mirroring”. But their requests were declined.
Mastercard said that it has submitted a proposal with the Reserve Bank of India (RBI) to “store data only in India within a specified timeframe”, but the timeframe was not specified.
Industry sources said that following Mastercard, Visa has also started to store a copy of its new transaction data locally and it also sought some time from the RBI to comply with the requirement to store Indian data only within the country. Visa and Mastercard didn’t comment on the same.
The RBI directive was a part of a wider push by India in order to ask companies to store most of their data locally at a given time frame since governments are globally enforcing more stringent rules to protect user data. Previously, government sources told Reuters that stringent data localisation measures are extremely essential to gain easy access to data during criminal and other investigations.
This month, two U.S. senators called on Indian Prime Minister Narendra Modi to soften India’s stance on data localization by warning that these measures might represent “key trade barriers” between the two nations.
Apart from the RBI proposal, India is also working on an overarching data protection law which calls for the storage of all critical personal data in India only. E-commerce and cloud computing policies are also being developed for data privacy and security of Indian citizens.