Data Protection Bill: JPC summons Visa, Mastercard officials
The joint parliamentary committee (JPC) on the data protection bill has summoned representatives of Visa and Mastercard, a move that suggests the panel could shift its focus to provisions regarding data localisation in the draft law.
The panel has questioned officials of social media and internet giants such as Twitter and Google. According to market researches, India has 47 million credit card users in 2019 and is poised to grow substantially with the government’s push for a cashless economy. Debit card usage, however, remains at a higher level. While Visa is the world’s largest payment gateway services, Mastercard stands a close second.
In India, the government-backed Rupay dented the market share of the both Visa and Mastercard. In 2018, then finance minister Arun Jaitley said the indigenously developed payment system of UPI and RUPAY Card transact 65 % of the payments done through debit and credit cards.
Led by BJP MP Meenaskhi Lekhi, the panel will also summon Paypal, another popular payment gateway, and Cyble, a cyber threat intelligence firm.
Cyble has been in controversy of late after reporting the alleged breach of user data in BigBasket, which in turn lodged an FIR suggesting the company may be attempting to extort money in order to secure user data now purportedly on sale on the dark web.
So far, US-based tech companies and social media giants have opposed the data localisation provisions of the bill and maintained that any attempt to stop cross-border transfer of user data can impact business prospects in India and affect several startup companies.
The draft data protection law, which will serve as a key legal basis for the right to privacy in India, requires companies to keep a copy of all personal data of Indian users in India. A previous version of the law, drafted by the committee led by justice BN Srikrishna, suggested that all personal data must mandatorily be stored and processed in India. The 2019 draft bill allows companies to take such data, as long as it is not deemed critical, for processing in servers outside India after obtaining consent.
This has significant implications for companies that use cloud services, which is a network of for-hire servers often based outside of the country.