The Reserve Bank of India (RBI) may not immediately penalise payment companies for not meeting its data localisation deadline of October 15, The Economic Times reported.
About 80 percent of industry players including Amazon, Alibaba and WhatsApp have complied with data storage norms. The remaining will have to submit a schedule for adhering to RBI's guidelines on data storage if they haven’t done so already, the report said.
Around 15 of the 78 payment companies in India are yet to comply with these norms, according to a report in Business Line. These include: Visa, Mastercard, and Amex.
"The companies that are yet to comply have asked for more time to set-up local data centres. Of the 15 players, four international players — American Express, Mastercard, PayPal and Visa — have shown intent to comply and submitted a roadmap to the banking regulator on how and when they intend to set up a data centre in the country," a source told Business Line.
Several payments companies had lobbied to dilute RBI's directive to store all payments data in India only, but the regulator stood firm on its decision mandating all digital payments companies comply with data localisation norms.
"All system providers should ensure that the entire data relating to payment systems operated by them are stored in a system only in India. This data should include the full end-to-end transaction details/information collected/carried/processed as part of the message/payment instruction," RBI said in a notification in April.
The central bank had given payments operators, including Visa, MasterCard, Google and Paytm, six months to comply with the directive. It had also asked payment services companies to provide an update every fortnight on action taken by them to store transaction data in the country. Now that the deadline is past, RBI will take stock of the compliance status.
Earlier, US Senators John Cornyn and Mark Warner said India's data localisation policy will be counterproductive to the country's efforts to modernise its framework regarding law enforcement requests for data, adding that it will adversely affect American businesses in India.
"Data localisation requirements, such as those contained in the draft data protection bill and draft national e-commerce policy framework will have negative impacts on the ability of companies to do business in India, may undermine your own economic goals, and will likely not improve the security of Indian citizens' data," Cornyn and Warner said.