---
layout: default
title: "Data Localisation May Pinch Startups and Payments Firms"
description: "An Economic Times report examining how India's draft Data Protection Bill and mandatory data localisation requirements could increase costs and compliance burdens for startups, payments companies and financial firms, featuring commentary from Sunil Abraham."
categories: [Media mentions]
date: 2018-07-28
source: "The Economic Times"
authors: ["Mugdha Variyar", "Pratik Bhakta"]
permalink: /media/data-localisation-may-pinch-startups-payments-firms/
created: 2025-12-08
---

**Data Localisation May Pinch Startups and Payments Firms** is an *Economic Times* report published on 28 July 2018. The article discusses how India's draft Data Protection Bill could reshape data practices across startups, fintech firms and financial institutions by mandating local storage of personal and sensitive personal data. Sunil Abraham and other experts highlight the implications for compliance, market power and cross-border data flows.

## Contents

1. [Article Details](#article-details)
2. [Full Text](#full-text)
3. [Context and Background](#context-and-background)
4. [External Link](#external-link)

## Article Details

- 📰 Published in: The Economic Times
- 📅 Date: 28 July 2018
- 👥 Authors: Mugdha Variyar & Pratik Bhakta
- 📄 Type: News Report
- 📰 Newspaper Link: Read Online (subscription needed)

## Full Text

Synopsis:
Companies will have to store financial data here if it's notified as critical data, a move that will add to their costs.

BENGALURU: The draft Data Protection Bill is likely to have a significant impact on how companies and startups use customer data, particularly as it would increase costs and make it difficult for them to take data outside the country.

The draft bill is also likely to bring more financial companies, aside from only payments companies, under the ambit of data localisation by categorising all financial data as sensitive personal data. Data localisation has been a point of contention between the Reserve Bank and payment companies.

The draft bill prescribes strict restrictions on how much personal data a company or any data fiduciary can collect and how they can use the data. It also says companies cannot make the provision of any goods or services or the quality or performance of any contract conditional on acquiring consent to process personal data not necessary for that purpose.

Experts say this will put an end to the "take it or leave it" contracts that several companies often demand from customers.

"This is basically a provision to deal with non-negotiable contracts, wherein the data controller uses its market power to force people to give up personal data," said Sunil Abraham, executive director of the Centre for Internet and Society, a think tank. "This recommendation makes it clear that 'take it or leave it' contracts can only insist on data that is necessary for the service or product being provided."

On data localisation, the draft bill states that every data fiduciary shall ensure the storage of at least one serving copy of personal data on a server or data centre located in India. While this allows for data mirroring — or the storage of data both abroad and in India — it could make it difficult for companies to take data outside the country, said Subho Ray, president of the Internet and Mobile Association of India.

This is because the draft bill states that the government can notify categories of personal data as critical personal data that can only be processed in a server or data centre located in India.

"Though there is no clarity yet on critical personal data, there is a strong chance that financial data could be classified as critical data and players dealing with financial data could be mandated to keep data within India only," said Vivek Belgavi, fintech partner at PwC.

Under the bill, all financial data, including personal data used to identify an account opened by, or card or payment instrument issued by a financial institution, or any personal data regarding the relationship between a financial institution and a data principal including financial status and credit history, has been classified as sensitive personal data.

Credit scoring, lending and insurance companies could also be impacted, said an industry member on condition of anonymity. Abraham said that while cross-border data may be allowed for certain cases, it will include liability on the entity. This move will increase costs for companies as they will have to necessarily store data within the country, as per the experts.

{% include back-to-top.html %}

## Context and Background

India's draft Data Protection Bill emerged at a moment when governments worldwide were asserting greater control over data flows, storage and processing practices. The bill’s provisions on sensitive personal data, data mirroring and potential “critical personal data” classification signalled a significant shift for startups, fintech companies and cloud-dependent businesses.

Sunil Abraham's commentary highlights two central issues:

- the bill's attempt to curb non-negotiable, data-hungry contracts that exploit users' lack of bargaining power;
- the high compliance and infrastructure costs associated with mandatory local storage, especially for smaller firms.

These debates foreshadowed subsequent regulatory battles around cross-border data flows, encryption and digital sovereignty in India.

## External Link

- Read on The Economic Times (subscription needed)