India’s data localisation plans hang in the balance as it will join the other Regional Comprehensive Economic Partnership (RCEP) countries on Thursday in discussing the e-commerce chapter of the RCEP agreement. The RCEP meeting will take place in Bangkok from October 10-13. If India agrees to the provisions of Chapter 10 on e-commerce, as specified by most of the other countries, it will mean it won’t be allowed to impose data localisation rules on companies looking to do business in India.
This would go against the Reserve Bank of India’s (RBI’s) norms on localisation of payments data that it had ordered in April 2018. “No Party shall require a covered person to use or locate computing facilities in that Party’s territory as a condition for conducting business in that territory,” reads the wording in the draft chapter — as suggested by Australia, Japan, New Zealand, South Korea, and the 10 Association of Southeast Asian Nations (ASEAN) — reviewed by The Hindu.
Further, the suggested phrasing by the 14-member group (the RCEP comprises 16 countries including China) on cross-border electronic transfers is that “a Party shall not prevent cross-border transfer of information by electronic means, where such activity is for the conduct of the business of covered person.”
In its April 2018 notification, the RBI had said that “all system providers shall ensure that the entire data relating to payment systems operated by them are stored in a system only in India”.
This data is to include the full end-to-end transaction details, information collected, carried, or processed as part of the message or payment instruction. If India agrees to the wording as it is, then these rules by the RBI will also have to be reviewed, as would any future plans the government has to implement data localisation in any form.
However, Indian negotiators are trying to dilute the provisions in the Chapter, by including a provision to make the RCEP clauses subject to domestic laws.
India’s suggestion for the Chapter thus reads: “No Party shall, subject to laws and regulations framed by it from time to time, require a covered person to use or locate computing facilities in that Party’s territory as a condition for conducting business in that territory.”
A similar change has been suggested to the clause on the transfer of electronic information across borders, where India wants to make the clause subject to domestic laws and norms framed from time to time.