RBI action on Mastercard again shows why it is urgent to have an omnibus data protection law

Source: TOI

Synopsis: Mastercard Asia has been ordered by RBI to refrain from taking on new customers as it failed to fulfil its obligations under the local data storage rules.

Also Read: Mastercard can’t issue new cards from July 22: RBI
Issues involved
  • Impact on the payments market: India’s retail payments landscape has transitioned to contactless payments, and cards are slowly losing relevance. Cards have a 3% market share and Mastercard is estimated to account for around one-third of those transactions. Therefore, RBI’s move, especially since renewal of existing Mastercards are not affected, won’t be really market disruptive
  • This data localisation requirement is also consistent with India’s Personal Data Protection Bill (PDP) that was introduced in Parliament 19 months ago. The bill was referred to a joint parliamentary committee and its report is still under preparation.

Way forward

The original bill covered localisation and stated that some critical data shall be processed only in India. PDP cannot exist in isolation. India has globally competitive firms in data processing and PDP’s structure will have a ripple effect on them. A benchmark could be the EU’s GDPR which allows transfer of data to non-EU-based firms provided they follow the same standards.

Also Read: Personal Data Protection Bill and issues around data localisation
Print Friendly and PDF