Recently RBI banned Mastercard operations in India for not adhering to the Central Bank's Data Localisation Policy. With cashless transactions occupying a center stage especially in a pandemic-hit world, we here analyze the implications of the data localisation policy and its impact, especially on the Indian MSMEs.
The Background
The Reserve Bank of India(RBI) recently banned Mastercard from issuing new debit & credit cards in India. According to RBI, the U.S. card issuer has failed to comply with the local data storage norms announced by the central bank in 2018. The ban has unsettled banks operating in India that use Mastercard's service to issue a variety of cards to their customers.
The Guideline
The Indian central bank in 2018 issued a circular ordering card companies like Visa, Mastercard, and American Express to store all Indian customer data locally so that the regulator could have "unfettered supervisory access".
This means the foreign companies require to store complete information about transactions made by Indian customers in servers located within India. The reason explained by RBI was that local storage of consumer data is necessary to protect the privacy of Indian users and also to address national security concerns.
While earlier this year, American Express and Diner Clubs International were already banned for not complying with the rule, Mastercard became the recent U.S.-based company to be included in the list. Existing Mastercard customers, however, will be allowed to use their cards.
Need for Local Data Storage
With the pegasus issue in the news recently and the impacts of privacy in recent times, it is not required to highlight the importance of privacy in modern times. However, a few experts believe that data localisation rules are too stringent and they could simply be used by the government as a tool of economic protectionism.
Broadly speaking, formal international laws to govern the storage of digital information across borders may be sufficient to deal with these concerns. Governments, however, may still mandate data localisation to favor local companies over foreign ones.
China, for example, has used its cybersecurity laws to discriminate against foreign companies. A similar trend may be playing out in India with the center's emphasis on economic self-sufficiency. Governments may also believe that mandating foreign companies to set up local infrastructure can boost their local economies
What lies ahead?
Mastercard currently owns around one-third market share in India, and RBI's ban may just end up benefiting domestic card companies like Rupay. Indian banks that are currently enrolled in the Mastercard network are expected to make alternative arrangements with other card companies. RBL Bank, for example, has decided to enter into an agreement with Visa after the ban.
Some believe that Visa might also come under regulatory pressure in the near future. Thus, with the card payment sector restricted to a few domestic companies, it can lead to reduced competition, leading to higher costs and lower quality services for customers.
India is the fastest-growing market for mobile apps and digital banking. The Indian start-up companies in the FinTech sector often go through the toughest challenge of outsourcing technical support and shifting from cloud services to cheaper and cost-effective services.
Data Localization Policy will prohibit these start-ups from opting for cost-effective cloud service providers globally and choose localized alternatives, which ends in high operational costs. But this will be a fruitful drift that leads to shielding of payments data from identity fraud and other digital breaches associated with it.
It is also worth noting that in today's digital economy, data has turned out to be a valuable commodity. Information about spending patterns and other customer data can be monetized by companies in a variety of ways. Thus, with no clear rule as of now, conflicts over data ownership are likely to continue for some time.
Insightful!
Great content!