New Delhi: Storage of raw data within the geographical boundaries of a country makes sense, but processed data that is useful for the government, commerce and individuals, should be based on open standards and should be part of a global interoperable system, said Hany Fam, president, enterprise partnerships, Mastercard, in an interview with Mint. 

Fam was responding to questions regarding the Reserve Bank of India (RBI) mandating payment system operators to store data in India. “We have had this on-soil and off-soil conversation with many sovereign states around the world. In the end, what we come to is an understanding that the raw data is one thing, but once you are finished with it and if it is in a form that’s useful for commerce, government and individuals, it should be on open standards or open architecture and part of a global interoperable system." 

The 6 April circular of the RBI said: “All system providers shall ensure that the entire data relating to payment systems operated by them are stored in a system only in India. This data should include the full end-to-end transaction details/information collected/carried/processed as part of the message/payment instruction." It added that for the overseas leg of the transaction, the data can also be stored in the foreign country.

Besides Visa, American Express, Facebook and PayPal, among others, Mastercard has also been affected by the regulation. Currently, the companies have limited data storage in India.

Without getting into the details of the financial cost that the company will have to bear in order to comply with the new regulations, Fam said: “It is really about the financial cost to the local community and the effect it has on the segregation of the Indian market from the rest of the world. That’s the bigger issue."

“Because if it is about keeping data on soil for protection of privacy, that’s already happening and there’s very little if anything that I can imagine that the Indian government would want that we can’t already accommodate. I think we can accommodate anything that is required." 

According to Fam, there should be clear distinction between storage norms of personally identifiable information (PII) and non-PII data. PII is any data that could potentially identify a specific individual, including name, social security number, date and place of birth and biometric records. 

“Storing algorithms and storing unidentifiable data, who cares where it is stored. It does not matter. It is not prone to theft and is not useful in the hands of nefarious actors." Your PII data and identity data is a matter of concern, he added.

“It shouldn’t matter to anybody whether I do the analysis in Virgina and apply predictive technology in San Francisco or in Pune, India. It shouldn’t matter if I’m using data that is safe and secure and looking at that either for building local propensity or global propensities. It should make no difference whatsoever to anybody." 

According to Reuters, US trade groups, representing companies such as Amazon, American Express and Microsoft, have opposed India’s push to store data locally and the issue could further undermine the already strained economic relations between India and the US. 

Last week, the central bank had instructed payments companies to submit fortnightly updates on the progress made on storing data in India. The deadline to comply with the new regulations is 15 October.

Close