Data Protection Bill: JPC Convenes Visa and Mastercard Officials
The joint parliamentary committee (JPC) on the data protection bill has convened representatives from Visa and Mastercard, a move that suggests the panel could shift its focus to the provisions regarding data localization in the bill. .
The panel has questioned officials from social media and internet giants like Twitter and Google. According to market research, India has 47 million credit card users in 2019 and is poised to grow substantially with the government’s push for a cashless economy. The use of debit cards, however, remains at a higher level. While Visa is the largest payment gateway service in the world, Mastercard ranks in a close second.
In India, the government-backed Rupay cut the market share of Visa and Mastercard. In 2018, then-Finance Minister Arun Jaitley said that UPI and RUPAY Card’s locally developed payment system processes 65% of payments made via debit and credit cards.
Led by BJP MP Meenaskhi Lekhi, the panel will also convene Paypal, another popular payment gateway, and Cyble, a cyber threat intelligence firm.
Cyble has been in controversy lately after reporting the alleged breach of user data on BigBasket, which in turn filed an FIR suggesting that the company may be attempting to extort money to protect user data that is allegedly for sale on the dark web.
Until now, US-based tech companies and social media giants have opposed the bill’s data localization provisions and maintained that any attempts to stop the cross-border transfer of user data it can affect business prospects in India and affect various startups.
The data protection bill, which will serve as the key legal basis for the right to privacy in India, requires companies to keep a copy of all personal data of Indian users in India. An earlier version of the law, drafted by the committee led by Judge BN Srikrishna, suggested that all personal data must be compulsorily stored and processed in India. The 2019 bill allows companies to take such data, as long as it is not deemed critical, for processing on servers outside of India after obtaining consent.
This has significant implications for companies using cloud services, which is a network of rental servers that are often located outside the country.