Credit card giants Visa, Mastercard, and Amex, as well as other financial players like Amazon and PayPal flout India's new data localization regulation (Vindu Goel/New York Times)

0
3
- Advertisement -

Advertisement

Supported by

U.S. Credit Card Giants Flout India’s New Law on Personal Data

Image
Visa, Mastercard and American Express will be violating a new Indian law that is going into effect on Monday night every time an Indian swipes a credit or debit card.CreditCreditPhilippe Wojazer/Reuters
  • Oct. 15, 2018

MUMBAI, India — When the clock struck midnight in Delhi at the end of Monday, Visa, Mastercard and American Express were suddenly in violation of the law every time an Indian swiped a credit or debit card.

They also became unwilling warriors in a budding conflict between America’s technology giants and the Indian government, which wants more control over the data they collect on India’s 1.3 billion residents.

The spark for the current fight is a new regulation, issued in April and in effect starting Tuesday, that requires payments companies to store all information about transactions involving Indians solely on computers in the country. The rule and the hubbub over it are part of a debate over a concept known as “data localization,” in which a country places restrictions on data as a way to gain better control over it and potentially curb the power of international companies. American firms have lobbied hard against data localization rules around the world.

In India, Visa, Mastercard and American Express, as well as other financial players like Amazon and PayPal, said they needed more time to comply with the order by the country’s banking regulator, the Reserve Bank of India.

The companies told the R.B.I. that their fraud detection and other data processing systems were distributed on machines across the world and could not be quickly redesigned to work in India alone. As an alternative, they offered to store copies of the Indian data in the country for easy access by regulators, tax authorities and law enforcement.

But the R.B.I. would have none of it. In recent phone calls to the top Indian executives of the major payments companies and in letters to the companies last week, the banking regulator warned that it would take action, including imposing fines, if they missed the Monday night deadline.

Mukesh Aghi, the chief executive of the U.S.-India Strategic Partnership Forum, said the payments companies were frustrated with the regulators. “They refuse to sit down and have a discussion,” said Dr. Aghi, whose policy group counts the head of Mastercard on its board.

Spokesmen for Visa and American Express declined to comment on their response to the local storage rule. Representatives of Mastercard and the R.B.I. did not respond to multiple requests for comment.

Amazon, which operates an India-only payments service that uses elements of its global technology platform, said in a statement: “Compliance with local laws and regulation is a top priority for us in all the countries we operate in. We continue to work closely with the regulator towards this.”

The R.B.I., an agency akin to the Federal Reserve in the United States, has said little about why it decided that Indian financial data must be stored only in India. In its April order, it said, “In order to ensure better monitoring, it is important to have unfettered supervisory access to data stored with these system providers.”

Its policy changed as other arms of the Indian government — spurred by both a privacy ruling from the Supreme Court and India-first nationalists in the governing Bharatiya Janata Party — had begun deliberating over much bigger changes to the country’s data, e-commerce and privacy laws.

Those broader proposals, which are unlikely to be passed until after India’s national elections in May, are intended to curb the ability of American tech titans to collect, analyze and make money from data they collect inside the country, which is the world’s fastest-growing market for new internet users. The rules would also give a leg up to domestic firms like Reliance Jio, a leading telecom provider, and Paytm, a payments company, which are seeking government help as they try to compete with the likes of Google, Facebook, Amazon and Mastercard.

India’s prime minister, Narendra Modi, has portrayed himself abroad as a pro-business leader who welcomes foreign investment. At the same time, the right wing of his party has pushed him to adopt more protectionist, India-first policies to appeal to voters, and law enforcement officials have urged him to make sure they can easily get data on residents when they need it.

The Trump administration and the bipartisan India caucus of the United States Senate have both urged India to reconsider its data localization campaign, in part because India’s own outsourcing companies depend on moving data across borders to offer their services.

On Friday, the co-chairmen of the India caucus, Senators John Cornyn, Republican of Texas, and Mark Warner, Democrat of Virginia, wrote to Mr. Modi warning that data localization “will have negative impacts on the ability of companies to do business in India, may undermine your own economic goals and will likely not improve the security of Indian citizens’ data.”

The same day, Dennis Shea, a deputy United States trade representative and the ambassador to the World Trade Organization, told a Washington audience, “We want to have prohibitions on data localization, disciplines to ensure this free flow of data across borders.”

Dr. Aghi, who has helped American financial firms press their case with the Indian government, said top executives of the big payments companies were summoned to a meeting on Wednesday with B. P. Kanungo, who oversees regulation of payments at the R.B.I.

At that meeting, the payments companies asked for 12 more months to fully localize Indian financial data. But R.B.I. officials insisted that the companies meet the Monday night deadline.

In a follow-up letter to India’s finance minister, Arun Jaitley, Dr. Aghi said the R.B.I. had improperly suggested that the foreign financial firms seek assistance from iSpirt, a technology think tank in Bangalore with close ties to the government and Indian financial-services players.

The only major American company that said it was ready to comply by midnight was Facebook’s WhatsApp messaging service. WhatsApp has been testing an India-only payments service but has yet to receive government approval to offer it to all 250 million of its Indian users.

Follow Vindu Goel on Twitter: @vindugoel.

A version of this article appears in print on , on Page B1 of the New York edition with the headline: New Law in India Is a Problem for U.S. Companies. Order Reprints | Today’s Paper | Subscribe

Advertisement


This post was originally published here
- Advertisement -