[Amazon, which operates an India-only payments service that uses elements of its global technology platform, said in a statement: “Compliance with local laws and regulation is a top priority for us in all the countries we operate in. We continue to work closely with the regulator towards this.”]
By Vindu Goel
 |
|
Visa,
Mastercard and American Express will be violating a new Indian law that is
going into effect on Monday night every time an
Indian swipes a credit or
debit card. Credit
Philippe Wojazer/Reuters
|
MUMBAI,
India — When the clock
struck midnight in Delhi at the end of Monday, Visa, Mastercard and American
Express were suddenly in violation of the law every time an Indian swiped a
credit or debit card.
They also became unwilling warriors in a
budding conflict between America’s technology giants and the Indian government,
which wants more control over the data they collect on India’s 1.3 billion
residents.
The spark for the current fight is a new law,
passed in April and in effect starting Tuesday, that requires payments
companies to store all information about transactions involving Indians solely
on computers in the country. The law and the hubbub over it are part of a
debate over a concept known as “data localization,” in which a country places
restrictions on data as a way to gain better control over it and potentially curb
the power of international companies. American firms have lobbied hard against
data localization rules around the world.
In India, Visa, Mastercard and American
Express, as well as other financial players like Amazon and PayPal, said they
needed more time to comply with the order by the country’s banking regulator,
the Reserve Bank of India.
The companies told the R.B.I. that their
fraud detection and other data processing systems were distributed on machines
across the world and could not be quickly redesigned to work in India alone. As
an alternative, they offered to store copies of the Indian data in the country
for easy access by regulators, tax authorities and law enforcement.
But the R.B.I. would have none of it. In
recent phone calls to the top Indian executives of the major payments companies
and in letters to the companies last week, the banking regulator warned that it
would take action, including imposing fines, if they missed the Monday night
deadline.
Mukesh Aghi, the chief executive of the
U.S.-India Strategic Partnership Forum, said the payments companies were
frustrated with the regulators. “They refuse to sit down and have a
discussion,” said Dr. Aghi, whose policy group counts the head of Mastercard on
its board.
Spokesmen for Visa and American Express
declined to comment on their response to the local storage rule.
Representatives of Mastercard and the R.B.I. did not respond to multiple
requests for comment.
Amazon, which operates an India-only payments
service that uses elements of its global technology platform, said in a
statement: “Compliance with local laws and regulation is a top priority for us
in all the countries we operate in. We continue to work closely with the
regulator towards this.”
The R.B.I., an agency akin to the Federal
Reserve in the United States, has said little about why it decided that Indian
financial data must be stored only in India. In its April order, it said, “In
order to ensure better monitoring, it is important to have unfettered
supervisory access to data stored with these system providers.”
Its policy changed as other arms of the
Indian government — spurred by both a privacy ruling from the Supreme Court and
India-first nationalists in the governing Bharatiya Janata Party — had begun
deliberating over much bigger changes to the country’s data, e-commerce and
privacy laws.
Those broader proposals, which are unlikely
to be passed until after India’s national elections in May, are intended to
curb the ability of American tech titans to collect, analyze and make money
from data they collect inside the country, which is the world’s fastest-growing
market for new internet users. The rules would also give a leg up to domestic
firms like Reliance Jio, a leading telecom provider, and Paytm, a payments
company, which are seeking government help as they try to compete with the
likes of Google, Facebook, Amazon and Mastercard.
India’s prime minister, Narendra Modi, has
portrayed himself abroad as a pro-business leader who welcomes foreign
investment. At the same time, the right wing of his party has pushed him to
adopt more protectionist, India-first policies to appeal to voters, and law
enforcement officials have urged him to make sure they can easily get data on
residents when they need it.
The Trump administration and the bipartisan
India caucus of the United States Senate have both urged India to reconsider
its data localization campaign, in part because India’s own outsourcing
companies depend on moving data across borders to offer their services.
On Friday, the co-chairmen of the India
caucus, Senators John Cornyn, Republican of Texas, and Mark Warner, Democrat of
Virginia, wrote to Mr. Modi warning that data localization “will have negative
impacts on the ability of companies to do business in India, may undermine your
own economic goals and will likely not improve the security of Indian citizens’
data.”
The same day, Dennis Shea, a deputy United
States trade representative and the ambassador to the World Trade Organization,
told a Washington audience, “We want to have prohibitions on data localization,
disciplines to ensure this free flow of data across borders.”
Dr. Aghi, who has helped American financial
firms press their case with the Indian government, said top executives of the
big payments companies were summoned to a meeting on Wednesday with B. P.
Kanungo, who oversees regulation of payments at the R.B.I.
At that meeting, the payments companies asked
for 12 more months to fully localize Indian financial data. But R.B.I.
officials insisted that the companies meet the Monday night deadline.
In a follow-up letter to India’s finance
minister, Arun Jaitley, Dr. Aghi said the R.B.I. had improperly suggested that
the foreign financial firms seek assistance from iSpirt, a technology think
tank in Bangalore with close ties to the government and Indian
financial-services players.
The only major American company that said it
was ready to comply by midnight was Facebook’s WhatsApp messaging service.
WhatsApp has been testing an India-only payments service but has yet to receive
government approval to offer it to all 250 million of its Indian users.
