Over a year after it first issued its data localisation circular and eight months after that circular was to be brought into effect, the
Reserve Bank of India (RBI) has issued frequently asked questions (FAQs) on the circular on Wednesday.
The central bank has made it clear that payment system data is to be stored exclusively in India, and that if the data needs to be processed abroad, all copies of that data must be deleted within 24 hours. Additionally, if payment data is to be shared with foreign regulators, then the central bank’s permission needs to be taken first.
While local
payment players were enthused with the RBI’s decision to implement the norms, the circular has been a stumbling block for multinational players like MasterCard and Visa, who are yet to comply with the norms required.
Multinational companies have data centres around the globe that are synced to the Cloud, and screening out Indian data and setting up data centres within the geographical boundaries of the country will require additional investment.
The
data localisation argument has heated up again this year after the government announced its intent to bring ecommerce companies under the ambit of the rules amid resistance from the United States.
The US National Trade Estimate Report of 2018 highlighted India’s data localisation policy as a trade barrier for US companies. Discussions over data localisation are expected to be a big part of the talks between the two countries over the course of US secretary of state Mike Pompeo’s visit to India and at the G20 Summit later this week.
First Published: Jun 26, 2019 6:30 PM IST