Google agrees to comply with RBI’s data localization norms
Tech firm has sought extension of the deadline till December-end to put a proper mechanism in place
New Delhi: Technology giant Google has agreed to comply with the data localization norms set by the Reserve Bank of India (RBI), but has sought an extension of the deadline to put a proper mechanism in place.
During a recent meeting of Google chief executive officer (CEO) Sundar Pichai and IT minister Ravi Shankar Prasad at Google’s headquarters in Mountain View, the company agreed to comply with all the norms and sought time till the end of December, said a senior government official, requesting anonymity.
The RBI had set 15 October as the deadline for payment system operators to store data in India. Besides Visa, American Express, Facebook, PayPal, and Mastercard, among others, Google is also required to store date in the country.
Currently, the companies have limited data storage in India.
Google Pay, the digital wallet developed by Google, has access to financial data of Indians.
“We maintain that cross-border data flows today are ubiquitous and an essential phenomenon for global economic activity and universal access to information. Soaring data flows generate more economic value and hence the socio-economic impact of restricting data flows must be thoroughly considered while framing any policy. There is a need to find practical and contemporary solutions to policy issues in line with global best practices. We have nothing to add at this point of time,” said a Google spokesperson, while responding to queries from Mint.
“There is no comparison between the financial data stored by Google and other payment operators such as Visa and Mastercard. Google Pay is a payment app, which works on a payments platform built by the National Payments Corp. of India (NPCI), whereas Visa and Mastercard have their own payment networks,” said a payments expert who did not wish to be named.
Also, Google Pay has limited customer base and only domestic transactions take place on its platform, whereas Visa and Mastercard have to process much more data most of which is cross-border transactions, the person added.
“All system providers shall ensure that the entire data relating to payment systems operated by them are stored in a system only in India. This data should include the full end-to-end transaction details/information collected/carried/processed as part of the message/payment instruction,” the 6 April Reserve bank of India circular had said, adding that for the overseas leg of the transaction, the data may be stored in the foreign country.
In an interview with Mint, Hany Fam, president, enterprise partnerships, Mastercard, while agreeing that the regulations will pose financial implications for companies, proposed for a clear distinction between storage norms of personally identifiable information (PII) and non-PII data.
PII is any data that could potentially identify a specific individual including name, social security number, date and place of birth and biometric records, etc.
“Storing algorithms and storing unidentifiable data, who cares where it is stored. It does not matter. It is not prone to theft and is not useful in the hands of nefarious actors,” said Fam. Your personally identifiable information data and identity data is a matter of concern, he added.
According to a report by Reuters, US trade groups, representing companies such as Amazon, American Express and Microsoft, have opposed India’s push to store data locally and the issue could further undermine already strained economic relations between India and the US.
Last week, the central bank instructed the payment companies to submit fortnightly updates on the progress made on storing data in India.