indica Washington Bureau
Two top American Senators John Cornyn and have warned that India’s data localization policy, which took off on October 15, will adversely affect American businesses in the country.
“Data localization requirements, such as those contained in the draft data protection bill and draft national e-commerce policy framework, will have negative impacts on the ability of companies to do business in India, may undermine your own economic goals, and will likely not improve the security of Indian citizens’ data,” said Republican John Cornyn and Democrat Mark Warner, who are co-chairs of the powerful Senate India Caucuses.
While it was said that global digital payment firms such as Visa, American Express etc were likely to be impacted by the regulations, as many as 80 per cent of industry players including Amazon, Alibaba and WhatsApp complied with the data storage norms, news reports quoted official sources as saying.
WhatsApp, which was the first to officially comply with these norms, said that it has built a system that stores payment-related data locally in India.
In a letter dated October 12, to Indian Prime Minister Narendra Modi, the senators argued that when companies adopt high-quality privacy safeguards, the location of data has no bearing on whether the data is secure.
“In addition to effectively reducing data security, forced data localization requirements create inefficiencies for both businesses and consumers, raising the cost of procuring and delivering data services including ones that local Indian businesses utilize on a daily basis, Cornyn and Warner said.
“Ultimately, they also increase the cost, and/or reduce the availability of, data-dependent services,” said the letter.
The letter comes in the wake of strained Washington and New Delhi relations over multiple issues, including an Indo-Russian defense contract, India’s new tariffs on electronics and other items, and its moves to buy oil from Iran despite US sanctions.
The Senators reasoned that forced data localization will be abortive when it came to India modernizing its framework regarding law enforcement requests for data.
“Both the protection and security of datas as well as access to data for lawful purpose can be enabled without a requirement that data be stored in a specific physical location. We encourage increased dialogue on these issues between law enforcement agencies in the US and India,” the Senators wrote.
The move by Senators was seen as a last-ditch effort after the RBI told officials at top payment companies that it would implement data localisation directive without extending the deadline or allowing data to be stored offshore as well as locally.
Data localization – the practice of storing data on any device that is physically present within the borders of the country where the data is generated – has been in focus after the release of a draft e-commerce policy.
The Reserve Bank of India (RBI), in a circular dated April 6, said: “All system providers shall ensure that the entire data relating to payment systems operated by them are stored in a system only in India. This data should include the full end-to-end transaction details/information collected/carried/processed as part of the message/payment instruction.” It added that for the overseas leg of a transaction, the data may be stored in the foreign country.
The RBI further said that data should include the full end-to-end transaction details, information collected, carried, processed as part of the message, payment instruction.
Asian countries such as China, Japan and Malaysia follow the same rule.