Foreign payment firms such as Mastercard and Visa can process transactions made in India outside of the country but the related data should be brought back for local storage within 24 hours, the Reserve Bank of India (RBI) said on Wednesday.
The announcement was made to clarify the central bank’s directive in April last year that mandated foreign firms to store their payments data “only in India” for “unfettered supervisory access”.
The RBI rules led to an aggressive lobbying effort from the United States government and American companies who said the directive would increase infrastructure costs and hurt firms’ investment plans. A request to dilute the rules was declined last year, Reuters reported.
On Wednesday, the RBI stuck to its position but clarified that payment transactions can be processed outside the country if the companies so wish. The previous RBI directive was silent on whether data can be processed abroad or should only be done locally.
Still, even in cases where the transactions are processed abroad, the RBI said such data must be “deleted from the systems abroad and brought back to India” within 24 hours of payment processing.
“The clarity on processing, and the ability to do so overseas, is a welcome development. Although the clarifications do not ease the local-only storage requirement,” said Kriti Trehan, a partner specializing in technology law at the Law Offices of Panag & Babu.
Mastercard and Visa did not immediately respond to a request for comment.
The RBI clarification comes days after India’s commerce ministry, following a meeting with technology and payment companies, said the central bank would “look into” concerns raised by the industry.
The differences between American companies and India have further fuelled trade tensions between New Delhi and Washington. On Wednesday, U.S. Secretary of State Mike Pompeo sought to reduce these tensions, promising a renewed focus on negotiating better ties, but gave few specifics during a visit to the Indian capital.
India wants more stringent data storage rules so it can better access data and conduct investigations when the need arises.
Other than RBI‘s directive for payment companies, India has also drafted an overarching law on data storage which calls for all personal data determined to be critical to be processed locally.