DNA Edit: Threatening India – MasterCard is careless about customers

It is time for the Indian government to get tough with global card payments major MasterCard. The company has proposed to the Reserve Bank of India (RBI) a 'certain’ date from which it will start deleting data of Indian cardholders from global servers. In doing so, it has attached a caveat, a thinly-veiled warning that this deletion will weaken “safety and security” over a period of time. In doling out such threats, MasterCard is carrying on its fight for opposing data localisation - by other means. RBI’s regulations in April 2018 require companies to store information about transactions by Indian users on servers within the country. It makes it mandatory that data of residents be collected, processed and stored inside the country, often before being transferred internationally, and usually moved only after meeting local privacy or data protection laws. 

In other words, the central bank wants global card companies like MasterCard to store information related to Indian card bearers on transactions within the country. The American company has been lobbying aggressively. Two top American Senators have said that India’s data localisation policy will be counter productive in the country’s efforts to modernise its framework. The Senators also said it will adversely impact US businesses in this country. MasterCard’s threat is borne out by the statement made by its Indian representative who pointed out that the company operates in over 200 countries, but nowhere has it been asked to delete data from its global servers. Maybe, the company forgot to mention China on that list. 

Now MasterCard, in what is obviously a tit for tat, has proposed to the RBI that it deletes back data from a certain date. This includes removing information from just about everywhere, including the card number and transaction details. Such a move, however, is fraught with dangerous consequences, as the chances of disputes arising on a large scale, cannot be ruled out. MasterCard is not the only company reacting with alarm. Global financial service companies, particularly those from the US, are lobbying the government to seek relaxation in rules. Visa, the other global card issuing company, has said that it had been working towards implementing a solution to comply with RBI’s requirements and has started storing data since October 15 to facilitate the central bank’s requirement of providing access to Indian card holders. 

Well, there is a way out of such subtle blackmail. The Indian government did not ask for deletion, but for storage of local data in India. A transfer of all past transaction data can also be undertaken. But MasterCard seems hell bent on bending the law. Any data generated by citizens is the property of those citizens and not the corporation. To ensure ownership, privacy and to prevent misuse, laws have to be followed and this can only be done if data is stored locally. Myopic threats reveal that MasterCard is not interested in its Indian customers.