2019 – Posted in: Daily News

PAYMENTS RELATED DATA TO BE STORED ONLY IN INDIA

For: Mains

Topics covered: Data Localisation, RBI’s guidelines, Mandate, Importance

News Flash

The Reserve Bank of India said all data related to payments must be stored only in India and data processed abroad will have to be brought back to the country within 24 hours.

In case the processing is done abroad, “the data should be deleted from the systems abroad and brought back to India not later than the one business day from payment processing, whichever is earlier”

Data stored in India should include end-to-end transaction details and info about payment transactions.

This may include—customer data (name, mobile number, email, Aadhaar number, PAN number, etc), payment sensitive data (customer and beneficiary account details) payment credentials (OTP, PIN, passwords, etc.); and, transaction data (originating and destination system information, transaction reference, timestamp, amount, etc.)

Background

The RBI had issued a directive in April 2018 on ‘Storage of Payment System Data’.
These regulations were expected to affect companies like Mastercard, American Express, Amazon, Facebook, Microsoft, Visa and PayPal who will be forced to store data locally.
It had advised all system providers to ensure that within a period of six months, the entire data relating to payment systems operated by them is stored in a system only in India.

Why RBI wants to change Data Localisation rules?

While doing online transactions (say swipe your card etc.), an individual’s information is carried, processed or stored. And most of this data tends to be either partly or completely stored outside India.
Indian government and regulators too have limited access to this data, which creates a big worry.
This is what the RBI wants to change through its data localisation rules.

Data localisation

Data localisation is the act of storing data on any device physically present within the borders of a country. As of now, most of these data are stored, in a cloud, outside India.

RBI’s diktat has followed the draft data protection law recommended by Srikrishna committee in July/August.

Mandate

Localisation mandates that companies collecting critical data about consumers must store and process them within the borders of the country.

This covered not only card payment services by Visa and MasterCard but also of companies such as Paytm, WhatsApp and Google which offer electronic or digital payment services.

Why it is important?

The main intent behind data localisation is to protect the personal and financial information of the country’s citizens and residents from foreign surveillance and give local governments and regulators the jurisdiction to call for the data when required.
Data localisation is essential to national security.
Storing of data locally is expected to help law enforcement agencies to access information that is needed for the detection of a crime or to gather evidence.
Where data is not localised, the agencies need to rely on mutual legal assistance treaties (MLATs) to obtain access, delaying investigations.

Source: Indian Express / The Hindu Businessline

You can follow us on LinkedIn and for more updates related to UPSC IAS Preparation, Like our Facebook Page and subscribe our Diligent IAS Youtube Channel