It was on a Friday, 6 April, that the Reserve Bank of India (RBI) dropped the bomb. A circular. Its innocuous title was “Storage of Payment System Data”, which didn’t suggest what was in store at all. But in 15 very to-the-point lines, it twisted the knife deeper in the back of multinationals with each word. It said all payment processors need to store end-to-end transaction details and all associated data in the country. It said the regulator needed unfettered access to the data. It finished the job by giving companies six months to do it.
The panicked calls flew fast and thick, from payment processors like Visa and Mastercard to technology companies like Google and Facebook. How serious were RBI and the government in carrying this out, they wondered. Moreover, wasn’t the Srikrishna committee—commissioned by the Ministry of Electronics and Information Technology, or MeitY, as it’s more commonly known—working on a personal data protection bill in the background?
Speaking of which, the 11-member committee headed by former chief justice B.N. Srikrishna submitted its draft bill on 27 July. After working on it for over half a year. But just 11 days earlier, another government body had submitted its own grandiose set of recommendations on data privacy—that entity being the Telecom Regulatory Authority of India, or Trai. And those recommendations were aimed at not just the telecom industry, but also all internet companies. The Srikrishna committee, needless to say, was fuming.
In any case, before companies could completely process the committee’s report, within three days, another policy grenade landed in their midst. A document titled “Electronic Commerce in India: Draft National Policy Framework” leaked from a think tank that was set up under the Ministry of Commerce just for this purpose. This ministry too became a serious contender in the tech regulation race.
Technology companies in India have never before seen such harried policy activity. The last six to seven months have seen as many as eight policies or recommendations from 10 different institutions—from regulators like RBI and Trai to think tanks like Niti Aayog to central government ministries and departments like MeitY and the commerce ministry. And each has the potential to rewrite business rules for good. This is a new reality in which firms find themselves in a near-constant policy funk.
“We don’t have a consolidated, integrated long-term strategy as a nation, what we have is five blind men touching the elephant and making rules based on what they see [because of the dispersed roles and responsibilities of different entities],” says Suhaan Mukerji, a partner at law firm PLR Chambers. He adds: “Regulators are responding to specific business models rather than a comprehensive principle-based approach that can address all business models.”
It also doesn’t help that companies too are resisting regulation blindly and are reacting the way they know best.