A last-minute effort to dilute the Reserve Bank of India (RBI) directive on data localisation by American global payment companies has triggered direct intervention by US lawmakers urging Prime Minister Narendra Modi to soften tough stand taken by the country's monetary authority.
Firstpost had reported on 12 October that the US companies want Donald Trump administration to put pressure on Indian authorities in a bid to seek relaxation on the RBI order of ensuring implementation of data localisation by 15 October. Before the deadline ends, US Senators John Cornyn and Mark Warner have appealed that the Indian government must address the concerns of American payment firms. US companies have been lobbying with the Finance Ministry and the RBI over the issue. Firstpost has reviewed the notes on discussion revealing the reluctance of firms on storing all payment data on transactions inside the Indian territory. Financial services companies were ready to have data mirroring instead of data localisation, however, RBI had indicated that it was opposed to 'mirror data' and was pushing for a clause on storage of all transaction data in India only.
"A US firm even blamed that RBI was intervening too much in businesses of financial technology companies and such action was spoiling the Digital India story. They were also of the view that the national security agencies were helping RBI and directing its action. Though RBI had made it clear, it will not relax the deadline for payment companies," informed government sources said.
It is evident from the documents that US companies batted for pressure on Indian authorities to bring them to the negotiating table. A US firm suggested two-pronged approach " first, the US government should apply pressure on India and second, Trump administration should have a dialogue with the US industry to understand concerns of companies to evolve a solution without hampering their global business model.
The Indian authorities maintained that it was not enough to only have data in India, but the need for data processing in the country as well, like the Chinese were doing.
During various rounds of meetings, the American firms argued that mainly US-headquartered firms would be affected and two firms from Japan and China had a free run since they were not issuing any cards in India.
One such US company is learnt to have said, "US payment companies have communicated to RBI that their Indian arms were ready to have data mirroring process and were awaiting a reply from the monetary authority. However, the impression is that no data mirroring was being allowed for financial services companies."
According to sources, BP Kanungo, the deputy governor of RBI had told top brass of US firms operating in India that the RBI circular dated 6 April 2018 on data localisation stood in entirety and needed to be implemented by the companies.
The RBI directive in April had said, "All system providers shall ensure that the entire data related to payment systems operated by them is stored in a system only in India. This data should include the full end-to-end transaction details/information collected/carried/processed as part of the message/payment instruction. For the foreign leg of the transaction, if any, the data can also be stored in the foreign country, if required."
A US-India business advocacy organisation had submitted three over-arching solution sets, sources told Firstpost. The organisation argued that RBI directive had apparently not taken into account the problems that might arise for the outbound Indians, who were part of a global travellers fraternity and had thus reportedly overlooked the interest of India, which as a global destination was drawing in foreign travellers.
The advocacy body which organised a meeting with stakeholders in early September in Mumbai, was also concerned about reports that US companies were engaged in lobbying over data localisation and favoured to join hands with three UK companies and French authorities to dispel this perception. It observed, "The issue could be only resolved through government-to-government intervention."
A fortnight later, US-based Centre for Information Privacy Leadership (CIPL) submitted a response to the Ministry of Electronics and Information Technology on draft data protection bill, which also included views on data localisation. CIPL said, "The requirements around data localisation should be reconsidered as they do not serve to improve data protection and will severely disrupt the operations of data fiduciaries and processors and negatively impact India's data economy. CIPL suggests that the Indian government encourage bilateral and multilateral instruments to make data sharing work in such instances without resorting to localisation."