India’s finance ministry proposed local data storage rules for global payment firms

Vastavam web: India’s finance ministry has proposed relaxing a directive from the country’s central bank that would compel global payment firms to store customer data only locally, following weeks of intense lobbying by U.S. companies and trade bodies. Easing the proposal would be a relief for firms including MasterCard, Visa and American Express, which fear India’s data onshoring move could cost them millions of dollars and set a precedent for other major governments to implement similar rules at a time when there is heightened scrutiny of how companies globally handle their customers’ data.

Foreign payment companies were caught off guard in April by the Reserve Bank of India’s (RBI) one-page directive that said all payments data should, within six months, be stored only in the country for “unfettered supervisory access”. India’s finance ministry, in a meeting held in June with RBI officials and executives from payment firms, said that a possible solution could be that companies would be allowed to store data offshore, as long as a copy was kept in India. The ministry has also proposed clarifying the kind of data that needed to be stored and the time given to implement the directive, according to a copy of the minutes of the meeting reviewed by Reuters.

At the June meeting, RBI executive director S Ganesh Kumar said the central bank had been approached about the companies’ concerns and was in the process of issuing a circular to clarify the rules, according to the minutes. Suggestions made at the meeting would be helpful in deciding the matter, Kumar said. MasterCard and American Express declined to comment. Visa and RBI did not respond to an email seeking comment.

“This is a big step and shows India has a progressive outlook towards businesses,” said an executive with one of the payment companies, adding that the ministry had tried to address some of the industry’s biggest grouses. “This will hopefully serve as a precedent for other regulators who might be thinking of data localisation,” said a lawyer familiar with the matter, adding that this would also allow for data processing and analytics – which is currently done offshore – to continue.