> They still have access to the transaction data, right? So they can build financial profiles on their users, as well as communications profiles (even if only metadata is available) since they dominate that market at well. Seems like a gold mine for intelligence operations.
Definitely. That's what they're all in for.
> Are there laws mandating that the data has to stay on Indian servers and be insulated from the outside?
GOI have started enforcing these requirements but I'm not sure where exactly the situation is right now.
> Or maybe government/public sector employees can’t use these foreign services (seems unlikely)?
Only recently these things have picked up and are considered a serious threat to the nation's security and sovereignty. The defense forces are more serious about it right now but maybe with time it'll change for other government employees too.
