RBI firm on ‘Indian data on Indian shores’ stand, sticks to Oct 15 deadline

The RBI will not relax the October 15 deadline for global financial technology (fintech) companies to comply with its data localisation norms in the public interest, according to sources.

The central bank in April gave six months time to global payment companies to store transaction data of Indian customers within India. The RBI's data localisation norms will kick in from Monday, October 15.

Data localisation requires data about residents be collected, processed, and stored inside the country, often before being transferred internationally, and usually transferred only after meeting local privacy or data protection laws.

This comes as a major blow to global firms engaged in active lobbying to water down the RBI’s diktat. Most of these are now understood to have presented their plans for a full compliance, effective October 16.

Out of 80 payments services providers that were told to store data locally, and not mirror it outside India, 64 said they were ready with local data storage. The fully compliant ones include global majors such as Google, Facebook (with its subsidiary WhatsApp), Amazon and Alibaba.

The remaining 16 companies, including major card companies, pleaded that they needed more time to comply, as the central bank was not in a mood to allow any leeway. According to sources, RBI officials had said that six months were more than enough to develop the infrastructure.

And, in case they were still not ready, these firms must rent out an India-based cloud and store their data temporarily while building the required infrastructure.

However, the US wants to prohibit data localisation to ensure free flow of information across borders.

"We want to have prohibitions on data localisation to ensure free flow of information, free flow of data across borders, disciplines around countries requiring companies to give up their source code, permanent ban on taxation or duties on digital transmissions, Dennis Shea, Deputy US Trade Representative and US Ambassador to the WTO, told a Washington audience on Friday, October 13.

Although domestic companies have welcomed the guidelines, global companies fear increase in their expenses for creation of local servers. To avoid this rise in cost, global companies in recent meeting with the RBI proposed to provide mirror data instead of original data to which the central bank did not agree, the sources said.

Last week, Finance Minister Arun Jaitley met RBI Deputy Governor BP Kanungo to discuss RBI's data localisation norms. The meeting was also attended by Economic Affairs Secretary Subhash Chandra Garg, Financial Services Secretary Rajiv Kumar and IT Secretary Ajay Prakash Sawhney.

The RBI in April said in order to ensure better monitoring of payment service operators it is important to have unfettered supervisory access to data stored with these system providers as also with their service providers/ intermediaries/third party vendors and other entities in the payment ecosystem.

All system providers shall ensure that the entire data relating to payment systems operated by them are stored in a system only in India, it had said.

The RBI further said data should include the full end-to-end transaction details, information collected/carried/ processed as part of the message/payment instruction.