Indian data safe when stored abroad? RBI to examine concerns

IT experts, as well as many in positions of authority, have been flagging the concern for years that it is risky to store sensitive Indian data in servers abroad

0
31
data

New Delhi: Yet another concern of nationalists have moved the Narendra Modi government. For the past few years, several personalities in positions of authority as well as information technology experts have been flagging the concern that it is not safe to let IT giants like Google, IBM, etc store Indian data, especially of state secrets. The government on Tuesday said that the Reserve Bank of India (RBI) would examine concerns around its strict data localisation rules that require storing of customer data exclusively in India without creating mirror sites overseas, the government said Tuesday ― even as Facebook, Amazon, Microsoft and MasterCard continue to oppose the move.

The RBI in April last year had asked payment firms to ensure their data are stored exclusively on local servers, setting a tight six-month deadline for compliance. That deadline was said to have been missed by some foreign firms including credit card giants Visa and MasterCard.

Commerce and Industry Minister Piyush Goyal on Monday held extensive consultations with the tech industry and e-commerce companies, a statement by his ministry said.

“All the companies who were represented in this meeting put forth their concerns related to RBI data storage requirements and processing related guidelines issued by the RBI. Deputy Governor of RBI, BP Kanungo, assured the industry representatives that the Reserve Bank of India will look into this,” it said.

The RBI in April 2018 put out a circular requiring that all “data relating to payment systems” are “stored in a system only in India” within six months.

International giants usually store data on global servers and the requirement to store data locally would require them to make an additional investment. But policymakers in India believe storing data locally would help monitor and conduct investigations if the need arises.

Mastercard CEO Ajay Banga joined the meeting via video conference, the statement said.

Besides the RBI rule, concern was also expressed at the meeting about a draft e-commerce policy that requires exclusive local storage and processing of data generated by users in India from various sources including e-commerce platforms, social media and search engines.

While domestic companies such as Reliance Jio have spoken up in support the government’s data localisation efforts, others like Facebook, Amazon, Microsoft, and MasterCard have led the way in opposing it.

“The e-commerce industry representatives also put forth their concerns before the Commerce Minister about the e-commerce draft policy which they felt was not adequately consultative,” the statement said adding Goyal assured them that each and every concern of the industry will be addressed.

The commerce and industry minister asked e-commerce representatives to send their concerns in writing within 10 days.

On a draft data protection bill released in July 2018 that proposes a requirement for data localisation as a remedy to concerns about protection of personal data, industry representatives told the Minister that though the consultations on it were satisfactory, a lot of time had elapsed and they were not sure about the final shape of the Bill.

“Secretary Ministry of Electronics and Information Technology (MeitY), Ajay Prakash Sawhney, assured the e-commerce companies that the Bill will reflect all the consultations that had taken place with the industry during the formulation of the Bill,” the statement said.

The statement said principles of data protection and privacy were discussed at length in the meeting and industry representatives requested Goyal to ensure that the Bill will have more clarity around the classification of data and the manner of cross border flow of data.

“Commerce Minister assured that MeitY will address this concern too,” it said.

E-commerce and tech companies also informed him that the data free flow discussed in the recent G20 Ministerial Meeting on Trade and Digital Economy was a positive development for India in principle and the country must participate in the discussions on digital trade. Issues of concern for the country must be taken up as and when they arise during the G20 discussions.

The commerce minister said that MeitY and National Association of Software and Services Companies (NASSCOM) may deal with the concerns of companies who build products in India and store their data in the country and the Bill must reflect this.

E-commerce and tech companies across all segments, foreign MNCs participated in the meeting that was called to “understand their concerns and take their suggestions towards building a robust data protection framework that will achieve the dual purpose of privacy and innovation and strengthen India’s position as a global tech leader with focus on trust and innovation,” the statement said.

The meeting was attended by Secretary Department for Promotion of Industry and Internal Trade (DPIIT), Secretary Department of Commerce, Secretary MeitY, Deputy Governor of RBI and senior officials from Ministry of External Affairs.

NASSCOM President Debjani Ghosh underlined the need for harmony across all policies of all ministries and the RBI which deal with digital trade, the statement added.