NEW DELHI – Global card payments giant Mastercard is storing its new Indian transaction data locally, the company said on Tuesday, as it starts to comply with a regulatory directive which U.S. companies unsuccessfully lobbied hard to dilute.
“In order to ensure that the safety and security of the Indian payment ecosystem is not compromised, and further, that there is no negative impact or disruption to Indian consumers, banks and merchants, Mastercard has submitted its proposal to RBI which confirms storage of data only in India within a specified time frame,” said Mastercard in response.
“We confirm that all new Indian transaction data is being stored at our technology centre in Pune as of 6th October 2018, as required per the RBI directive on data localisation,” it added. RBI issued the directive for better monitoring of transaction data. It gave the companies six months to abide and submit their compliance report by 15 October.
The companies had sought dilution of the central bank directive, requesting they be allowed to store data both locally and at their offshore offices, a practice widely known as “data mirroring”. But their requests were declined.
The company said it has submitted a proposal with the Reserve Bank of India (RBI) for “storage of data only in India within a specified timeframe”. It did not give a timeline.
Visa too has started storing a copy of its new transaction data locally and had sought time from the RBI to comply with the requirement to store Indian data only within the country, two industry sources said.
The RBI directive was part of a wider push by India to ask companies to store more of their data locally at a time when governments globally are enforcing more stringent rules to protect user data.
Two U.S. senators this month called on Indian Prime Minister Narendra Modi to soften India’s stance on data localisation, warning that measures requiring it represent “key trade barriers” between the two nations.
Other than the RBI proposal, India is working on an overarching data protection law that calls for the storing of all critical personal data in India. E-commerce and cloud computing policies are also being developed.