STOCK MARKET BSE NSE

With Mastercard ban, RBI firms up data localisation stance

The central bank made no bones about MasterCard’s non-compliance even after ‘considerable time and adequate opportunities’ to fall in line with its April 2018 circular on localisation of data storage.

Published: 16th July 2021 07:11 AM  |   Last Updated: 16th July 2021 07:16 AM   |  A+A-

File photo of a sign for MasterCard credit cards is shown on the entrance to a bank, in New York.

File photo of a sign for MasterCard credit cards is shown on the entrance to a bank, in New York. (Photo | AP)

The RBI has sent out a stern reminder that businesses must follow the letter of the law. On Wednesday, it barred global payments systems provider MasterCard, whose market share in India is roughly a third of total debit and credit cards currently. The central bank made no bones about MasterCard’s non-compliance even after ‘considerable time and adequate opportunities’ to fall in line with its April 2018 circular on localisation of data storage. The RBI had also asked foreign banks for a board-approved system audit report certifying compliance with its data localisation norms, which MasterCard and others have failed to furnish even after three years. In the recent past, the RBI has barred players like American Express and Diners Club, and the latest rap only reiterates the central bank’s intent to solidify its stance on data localisation. 

Drawing territorial limits to the flow of data gains significance amid rising breaches and electronic spying at companies including domestic players like Mobikwik, Big Basket and Unacademy, where the data of customers was put on the dark web for sale. Data on transactions is crucial to avoid financial frauds, but foreign banks reason that local data storage runs counter to their centralisation practices and limits their flexibility to detect frauds. The central bank maintains that while storing data locally, they can send data overseas for 24 hours for analysis.   

With mushrooming fintech and payment systems providers, data gathering practices are increasingly becoming opaque. Often, consumers too give consent to privacy forms without reading the complex fine print and hence enhanced regulation is even critical to ensure financial safety and stability. That said, it’s important to balance stakeholders’ interests, particularly in overlapping areas of fraud detection and prevention of money laundering. If the broader Personal Data Protection Bill, 2019, is taken up in the upcoming Monsoon Session, perhaps the issue of cross-border data flows will likely get attention. This can throw clarity on whether developing cross-border data flow agreements with countries having similar principles of data protection and privacy should be extended to financial transactions too.



Comments

Disclaimer : We respect your thoughts and views! But we need to be judicious while moderating your comments. All the comments will be moderated by the newindianexpress.com editorial. Abstain from posting comments that are obscene, defamatory or inflammatory, and do not indulge in personal attacks. Try to avoid outside hyperlinks inside the comment. Help us delete comments that do not follow these guidelines.

The views expressed in comments published on newindianexpress.com are those of the comment writers alone. They do not represent the views or opinions of newindianexpress.com or its staff, nor do they represent the views or opinions of The New Indian Express Group, or any entity of, or affiliated with, The New Indian Express Group. newindianexpress.com reserves the right to take any or all comments down at any time.

flipboard facebook twitter whatsapp