The moment data leaves the country, it falls under various jurisdictions, which in many cases, are beyond our control. It is important to keep all the data here so that the laws of the land can be made applicable to them, says Paytm COO Kiran Vasireddy.
With the Justice BN Srikrishna Committee report on an overarching data protection and privacy law expected to be submitted soon, and the Telecom Regulatory Authority of India (Trai) releasing its own recommendations on the subject recently, the debate on data localisation has again picked up steam. Paytm, for one, remains a vocal proponent.
"On the data storage bit, obviously we believe that it should be stored locally," Kiran Vasireddy, chief operating officer at Paytm, told The Economic Times, adding, "The moment data leaves the country, it falls under various jurisdictions, which in many cases, are beyond our control. It is important to keep all the data here so that the laws of the land can be made applicable to them."
India's largest digital payments company further stated that it supports the move to identify the user as the ultimate owner of their data while every other player in the ecosystem is only a custodian. Trai in its recent recommendations on privacy, security and ownership of data had stated that entities processing or controlling such data have no primary rights over it.
To back the company's views on storing data locally and underscore the need for the Modi government to push the same, Vasireddy reportedly cited Google as an example, saying it had rejected 55 per cent of the government's requests for data.
Data localisation suddenly became a buzzword in the country after the RBI in its April 5 circular announced that payment companies operating in India - from fintech firms offering peer-to-peer money transfers and international transactions to gateway operators - would have to locate their servers in the country within six months.
While global companies like WhatsApp, which maintains servers outside India, would have been adversely impacted by this development, Indian fintech companies such as Paytm or PayU had little to worry about as their data is already mostly in servers within the country.
The payments sector got a breather two weeks ago, when the Ministry of Finance suggested payment firms could be allowed to store data in India as well as in the country where it is being stored currently. The decision was taken after a crucial meeting between the Finance Ministry's Department of Economic Affairs with payment companies like MasterCard, Visa, American Express, and other industry participants like Paytm, US India Business Council, and RBI last month.
"Mirroring of data in India along with the country where the data is being currently stored could be a possible solution. The RBI may consider the issues connected with the kind of data that needs to be within India and the timeline it has given to players while issuing a clarificatory circular," the finance ministry reportedly said in a note shared with participant companies.
According to experts this easing of the norms would not only save foreign companies mega bucks by allowing them to continue data analytics and processing outside India - hence saving money on setting up infrastructure -but also addressed their concerns about data safety. Stakeholders had previously pointed out that storing data at one place only could expose it to the risk of inaccessibility or destruction in the event of any disaster.
But not everyone is happy with this latest development. Paytm told the daily that mirroring of data is not an ideal solution and pointed out that many countries have disallowed companies from doing so. "The ideal thing is to see whether data can be stored in India itself," said Vasireddy. "It is not majorly a cost issue and for all these large players, the cost will be negligible. It is more to do with intent."
Paytm's concern is understandable since the easing of the norms might help its biggest potential rival, WhatsApp Payments, finally move towards a formal launch. The payments feature has been in Beta since February and is being tested by around a million users across the country. But the formal launch, which was expected to happen at the beginning of June, has been repeatedly pushed back due the current lack of clarity on India's data protection norms.
The ministry of electronics and information technology last month had asked the National Payments Corporation of India (NPCI) to clarify whether the new WhatsApp UPI payment method is violating any RBI rules but a response is still awaited.
WhatsApp, in its defence, said that while it uses Facebook's infrastructure for the service, the parent firm does not use any payment information for commercial purposes. Moreover, sensitive user data such as the last 6 digits of a debit card and UPI PIN is not stored at all.
With agency inputs