Data localisation: RBI may not penalise cos for not meeting deadline, for now

India’s central bank may not immediately penalise payment companies for not meeting data localisation norms — the deadline for which expired Monday — but they will have to submit a schedule for adhering to them if they haven’t done so already. Most of those operating in the digital payments space have either complied with or submitted a timeline for compliance, a person with knowledge of the matter told. Despite intense lobbying against them, there will be no easing of the localisation rules, policymakers insisted. The Reserve Bank of India had, in April, given global payment companies such as Visa and MasterCard six months to restrict the storage of transaction data of Indian customers to the country. The only exemption would be for the foreign component of overseas transactions, the RBI said. The central bank will take stock of the compliance status now that the deadline is past. US Senators John Cornyn and Mark Warner have asked Prime Minister Narendra Modi to adopt a softer stance on data localisation warning that India’s policy on the issue will adversely affect American businesses in the country. Data localisation requirements, such as those contained in the draft data protection bill and draft national e-commerce policy framework, will have negative impact on the ability of companies to do business, may undermine your own economic goals and will likely not improve the security of Indian citizens’ data, they said. The RBI wanted unfettered supervisory access to data stored with these system providers as also with their service providers/ intermediaries/third-party vendors and other entities in the payment ecosystem to ensure better monitoring of payment service operators, it had said in April. All system providers shall ensure that the entire data relating to payment systems operated by them are stored in a system only in India. The RBI has said data should include complete end-to-end transaction details, and information collected/carried/ processed as part of the message or payment instruction. It had noted that only some payment system operators and their outsourcing partners stored payment systems data either partly or completely in the country.

Leave a Reply

Your email address will not be published. Required fields are marked *