wordpress blog stats
Connect with us

Hi, what are you looking for?

Visa ‘extremely committed’ to complying with RBI’s data localisation rules, says company president: report

Visa’s global president Ryan McInerney has said the company is “extremely committed” to abide by the RBI’s data localisation mandate and also denied reports that global companies initially seemed averse to the mandate in an interview to the Economic Times  “Since our commitment to India is long term, measured in decades, we want to work in a way the RBI feels is the right way to work,” he told the newspaper. Last September, a month before the RBI’s rules on data localisation came into effect, T R Ramachandran, Visa’s group country manager for India and south Asia, said the central bank had asked payment companies to send it fortnightly updates on their progress in storing payment data in India. The RBI’s mandate, passed last year, requires all payments-related data generated in India to be stored within the country.

Zuckerberg ‘highly concerned’ about data localisation but WhatsApp working to comply

In an earnings call with investors last week, Mark Zuckerberg said that Facebook won’t store sensitive data in countries where it might be improperly accessed because of weak rule of law or governments that can forcibly get access to your data. He reiterated his stance against data localisation, without mentioning any country specifically. “More countries following the approach of authoritarian regimes adopting strict data localisation policies where governments can more easily access people’s data, and I’m highly concerned about that future,” Zuckerberg said. But earlier this month WhatsApp said it was working to comply with the RBI’s data localisation rules. The messaging platform has been operating its payments service WhatsApp Pay in beta mode for one million users since February 2018 but has run into trouble for not complying with data localisation rules.

Earlier this month the United States Trade Representative (USTR) criticised India’s restrictions on cross-border data flows and its “onerous” data localisation requirements, and said they were a barrier to digital trade. “In 2018, India published a number of measures that would restrict the cross-border flow of data and create onerous data localisation requirements. In October, one such measure was implemented, requiring payment service suppliers to store all information related to electronic payments by Indian citizens within India”, said USTR.

RBI’s localisation mandate for payments data: a timeline

  • April 6, 2018: The RBI told all payments system operators in India to ensure that payments-related data was stored within the country and gave the companies six months to comply. The RBI wanted data stored locally “to have unfettered access to all payment data for supervisory purposes”.
  • July 12: The Finance Ministry eased the RBI’s directive for foreign payment firms, saying that mirroring a copy of the data in India would be sufficient. Payments companies were relieved, assuming that the Finance Ministry’s directive stood and that it would be okay to mirror user data in India. The companies were awaiting a circular from the central bank to this effect. However, the RBI’s did not issue any such circular.
  • July 27: The long-awaited draft Data Protection Bill 2018 was submitted to the government. It added an another layer of confusion to the matter. The bill reportedly overrode all sectoral regulators and therefore all their directives. It mandated that all data fiduciaries store a copy of users’ personal data in India. Worryingly, it also required mandatory storage of ‘critical personal data’ within India only. The bill, however, failed to explicitly define ‘critical data’.
    September 6: The RBI asked payment companies to send it fortnightly updates about their progress on local storage of payments data.
  • October 15: The RBI’s circular on localisation of payments data came into effect.
  • February 2019: The Department for Promotion of Industry and Internal Trade released India’s Draft Ecommerce Policy, which included strategies for regulating access to data, mandating data storage requirements, and controlling cross-border data flows.

Written By

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Looking at the definition of health data, it is difficult to verify whether health IDs are covered by the Bill.


The accession to the Convention brings many advantages, but it could complicate the Brazilian stance at the BRICS and UN levels.


In light of the state's emerging digital healthcare apparatus, how does Clause 12 alter the consent and purpose limitation model?


The collective implication of leaving out ‘proportionality’ from Clause 12 is to provide very wide discretionary powers to the state.


The latest draft is also problematic for companies or service providers that have nothing to with children's data.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ