The Indian government’s stand on data protection policies are finally being heard by multinational giants.
Mastercard has proposed a date to the RBI after which it will begin deleting the data of Indian cardholders from its global servers. In April, the Reserve Bank had issued a new regulation, which came into effect from October 16, requiring payments companies to store all information about transactions involving Indians solely on computers within India.
Most payment companies had initially expressed reservations about the move, claiming that it would would require too much work, and could end up being too expensive. But companies are slowly complying — WhatsApp has said that it will store data pertaining to its Indian users locally in India, and Google has put out a similar statement.
With Mastercard, things are a little more complex. The company had been in the eye of a storm recently after it had complained to the US government that the Indian government had been “using nationalism” to promote RuPay, its own alternative payments system. The complaint had become public after a Reuters investigation, and Mastercard had faced flak online for its stance. Some users had gone ahead and cancelled their Mastercard cards and got RuPay cards in protest.
As such, Mastercard’s toeing the line on the data privacy issue can be seen to be its acquiescence to how the Indian government wants activities over the internet to be conducted in the country. Mastercard has already been storing Indian transaction data at its technology centre in Pune as of October 6; it will now go ahead and delete the data from its foreign servers as well.
“The proposal we have given (to RBI) is that we will delete it (data) from everywhere else, whether it is the card number, transaction details. The data will only be stored in India … we will start deleting that…,” said Porush Singh, India and Division President, South Asia, MasterCard. Mastercard is also willing to delete the copies of the data stored on foreign servers, in spite of having reservations about the move.
“No other country has asked us like that. “No other country in the world has asked us the data to be deleted from the global server and the reason why it is a concern for us because that would be weakening of the safety, security over a period of time,” Singh added.
But the Reserve Bank has been adamant that foreign companies store their data locally. It’s a move that has faced some resistance, but could pay off for India in the long run — data is the new oil, and having financial transactions data of crores of Indians stored on foreign soil could potentially give a enemy nation lots of ammunition in case they did get their hands on it. And after the initial reluctance, with most multinational companies now agreeing to store their data in India, it would appear that the RBI’s vision of data localization might be finally coming to fruition.