Peter Moore, APAC and Japan MD of Amazon Web Services, told The Hindu that data localisation was a secure way to store data. the company provided its customers with data monitoring tools: where the data is located, it is not moving (elsewhere), it will be secure, and there won’t be unauthorised access.

Based on his interview, Moore said that:

  • The government has the right to ask companies to store sensitive data locally so that Indian laws can apply to it
  • Amazon invested in data centres in India to assure the government that all Indian user related data stays in the country
  • Data security can be provided when the customer knows where their data is stored and can be assured that it will stay secure and unauthorised access will not happen

In another instance last week, Teresa Carlson, VP of AWS global public sector, told CNBCTV18 that the company was working with the Indian government with respect to data privacy and localisation, and offering white papers on these topics.

RBI’s mandate on local data storage

Last month, we reported that Amazon India’s plan to launch its own UPI-based payments service had been hampered owing to RBI’s concerns regarding the storage of user data in India. Amazon was then seeking more clarity from the central bank.

In April, the RBI mandated that all payments system operators working in India needed to ensure that the data related to operating payment systems be stored in the country. This move could come into effect from October 15 this year, but there is uncertainty over its implementation due to the Data Protection Bill, 2018.

India’s Draft Data Protection Bill

Meanwhile, earlier this month, Google CEO Sundar Pichai wrote a letter to the Indian IT Ministry arguing in favour of allowing cross-border data transfer. Contrastingly, Rajan Anandan, Google VP of India and Southeast Asia, had told the Economic Times in May that the company would comply with any data localisation law that India comes up with.

Pichai’s letter went just as the IT Ministry is currently holding a public consultation on the Srikrishna committee’s draft Personal Data Protection Bill. This bill places some restrictions on what personal data can leave the country. That draft also requires all companies to keep a ‘serving copy’ of all Indian user data in data centres within the country.

Also read: Govt says foreign firms storing copies of data ‘locally’ a potential solution over RBI norms

Corrigendum: We have updated the headline to reflect more accurately what Moore said to The Hindu, from “right to ask” to “has the right to ask”. We have also updated the first sentence to better reflect what Moore said about data storage and access. We apologise for the error, and any inconvenience arising from it. (Original publishing date 26 September, updated on 28 September.) The headline has been updated to fix a typo as well.