RBI to examine concerns over data localisation norms, says govt

RBI to examine concerns over data localisation norms, says govt

Tuesday June 18, 2019,

4 min Read

The RBI will examine concerns around its strict data localisation rules that require storing of customer data exclusively in India, without creating mirror sites overseas, the government said on Tuesday.

The Reserve Bank of India (RBI) in April last year asked payment firms to ensure their data are stored exclusively on local servers, setting a tight six-month deadline for compliance. That deadline was said to have been missed by some foreign firms including credit card giants Visa and Mastercard.

Reserve Bank of India, RBI

(Photo credit: AFP)

Commerce and Industry Minister Piyush Goyal on Monday held extensive consultations with the tech industry and ecommerce companies, a statement by his ministry said.

"All the companies who were represented in this meeting put forth their concerns related to RBI data storage requirements and processing related guidelines issued by the RBI. Deputy Governor of RBI, BP Kanungo, assured the industry representatives that the Reserve Bank of India will look into this," it said.

The RBI in April 2018 put out a circular requiring that all "data relating to payment systems" are "stored in a system only in India" within six months.

International giants usually store data on global servers and the requirement to store data locally would require them to make an additional investment. But policymakers in India believe storing data locally would help monitor and conduct investigations if the need arises.

Mastercard CEO Ajay Banga joined the meeting via video conference, the statement said.

Besides the RBI rule, concern was also expressed at the meeting about a draft ecommerce policy that requires exclusive local storage and processing of data generated by users in India from various sources including ecommerce platforms, social media and search engines.

While domestic companies such as Reliance Jio have spoken up in support of the government's data localisation efforts, others like Facebook, Amazon, Microsoft, and Mastercard have led the way in opposing it.

"The ecommerce industry representatives also put forth their concerns before the Commerce Minister about the ecommerce draft policy, which they felt was not adequately consultative," the statement said, adding Goyal assured them that each and every concern of the industry will be addressed.

He asked ecommerce representatives to send their concerns in writing within 10 days.

On a draft data protection bill released in July 2018 that proposes a requirement for data localisation as a remedy to concerns about protection of personal data, industry representatives told the Minister that though the consultations on it were satisfactory, a lot of time had elapsed and they were not sure about the final shape of the Bill.

"Secretary Ministry of Electronics and Information Technology (MeitY), Ajay Prakash Sawhney, assured the ecommerce companies that the Bill will reflect all the consultations that had taken place with the industry during the formulation of the Bill," the statement said.

The statement said principles of data protection and privacy were discussed at length in the meeting and industry representatives requested Goyal to ensure that the Bill will have more clarity around the classification of data and the manner of cross border flow of data.

"Commerce Minister assured that MeitY will address this concern too," it said.

Ecommerce and tech companies also informed him that the data free flow discussed in the recent G20 Ministerial Meeting on Trade and Digital Economy was a positive development for India in principle and the country must participate in the discussions on digital trade. Issues of concern for the country must be taken up as and when they arise during the G20 discussions.

The commerce minister said that MeitY and National Association of Software and Services Companies (NASSCOM) may deal with the concerns of companies who build products in India and store their data in the country and the Bill must reflect this.

Ecommerce and tech companies across all segments, foreign MNCs participated in the meeting that was called to "understand their concerns and take their suggestions towards building a robust data protection framework that will achieve the dual purpose of privacy and innovation and strengthen India's position as a global tech leader with focus on trust and innovation," the statement said.

The meeting was attended by Secretary Department for Promotion of Industry and Internal Trade (DPIIT), Secretary Department of Commerce, Secretary MeitY, Deputy Governor of RBI and senior officials from Ministry of External Affairs.

NASSCOM President Debjani Ghosh underlined the need for harmony across all policies of all ministries and the RBI which deal with digital trade, the statement added.