Just days before the RBI’s directive to store all payments data in India comes into effect, WhatsApp has announced that it has built a system to store payments-related data locally in India.

“In India, almost 1 million people are testing WhatsApp payments to send money to each other in a simple and secure way. In response to India’s payments data circular, we’ve built a system that stores payments-related data locally in India. WhatsApp payments is useful for people in their daily lives and we hope to expand the feature to all of India soon so we can contribute to the country’s financial inclusion goals,” WhatsApp said in a statement.

WhatsApp’s payment troubles in India

WhatsApp Pay was first rolled out for beta-testing in February this year and was supposed to launch in March. However, full rollout of the payments service has been delayed multiple times over concerns of users’ privacy and compliance with RBI’s mandate on localisation. Additionally, WhatsApp has been in the thick with the Indian government, with allegations that the platform helped escalate rumours which led to a series of lynchings in the country.

  • In August, WhatsApp CEO Chris Daniels met Minister for IT & Electronics RS Prasad. The minister has directed that the company set up an office and have physical presence in the country.
  • An earlier demand by MeitY’s demand had been more conditional: WhatsApp could go ahead with its payments plans in India only after it opened an office and hired a team of people for it.
  • In July, the Indian government reportedly delayed the launch; MeitY had asked WhatsApp and its partner banks to provide more details about the payments system. Furthermore, the ministry had also asked the National Payments Corporation of India (NPCI) to check whether WhatsApp was fully compliant with its requirements.

The localisation mandate for payments data: A timeline

  • April 6: The RBI mandated all payments system operators in India to ensure that data related to payment systems operated by them be stored in the country, and gave companies six months to comply. The RBI wanted data stored locally “in order to have unfettered access to all payment data for supervisory purposes”.
  • July 12: The Finance Ministry eased the RBI’s directive for foreign payment firms, saying that mirroring a copy of the data in India would be enough, instead of requiring storing the data only locally.
    • Payments companies breathed a sigh of relief, and assumed that the Finance Ministry’s directive stands, and thought it would be okay to mirror user data in India. The companies were awaiting a circular from the central bank to this effect.
    • However, the RBI’s did not issue any such circular, which became a concern for global payment companies.
  • July 27: The long-awaited draft Data Protection Bill 2018 is submitted to the government; it adds an additional layer of confusion to the matter. The bill reportedly overrode all sectoral regulators and therefore all their directives. The bill mandated that all data fiduciaries store a copy of users’ personal data in India and worryingly, it also required mandatory storage of ‘critical personal data’ within India only. The bill, however, failed to state explicitly the definition of ‘critical data’.
  • September 6: RBI asked payment companies to send it fortnightly updates on the progress made on storage of payment system data in India.
  • October 15: The RBI’s circular on localisation of payments data comes into effect.