The Supreme Court on 15 October issued notice to Centre, Google, Amazon and Facebook/WhatsApp over a petition filed by CPI MP Binoy Viswam seeking data protection of transactions made over UPI.
A three-judge bench headed by CJI SA Bobde said, “we will issue notice. Here there is apprehension that the entire regime of payments will commence before the entire regulatory framework is put in place.”
Senior advocate Shyam Divan appearing for Viswam said that RBI issued an order in April 2018 asking these multinational firms to ensure data transacted on these forums is secured in a server within India. This was to be complied by October 2018. This was not done, Divan said.
He further informed the Court that WhatsApp stores data with its parent company Facebook having server outside India.
The Rajya Sabha MP had on 10 September filed a plea claiming that the three Big Tech companies have been allowed to participate in the payments space without much scrutiny and inspite of blatant violations of UPI guidelines and RBI regulations. Viswam, seeking SC’s intervention, said that the right to privacy of Indian citizens is to be protected from misuse by the “giant corporations for (their) financial ends.”
In April 2018, the RBI with a view to secure the data of Indian users issued a circular directing all system providers to ensure that the entire data relating to payment systems operated by them are stored in systems only in India.
UPI disturbed by third parties?
Amazon, Facebook and Google have been jolted by certain data regulation proposals tabled by a government panel. According to a report published last month, a group representing tech giants is preparing to push back against the UPI-related proposals.
The government-appointed panel had recommended in July that a regulator should be set up to keep a watch on data that is anonymised or devoid of personal details but critical for companies to build their businesses. The panel suggested a mechanism for companies to share data with others — even competitors — saying this would spur the digital ecosystem. If the recommendations are accepted by the government, it will form the basis of a new law to regulate such data in transactions of the UPI kind.
Moreover, a data protection bill has been drafted with stringent norms that seek to regulate “non-personal” data recorded by tech giants such as Amazon, Facebook and Google. Apart from these recommendations, tech giants have been facing numerous roadblocks with respect to the use and storage of data, especially for financial services.
WhatsApp’s payments service has been stuck in the beta phase for over a year now. First, it had to comply with data localisation norms and then a plea was filed in the apex court highlighting that WhatsApp was a social media platform bundled with the payments feature.
Google Pay has had its share of problems with litigation. Last month, a petition was filed in the Delhi High Court claiming that the payments platform had “unauthorised access to the Bhim Aadhaar — UPI protection: Supreme Court notice to Centre, Google, AmazonUnified Payments Platform”.
The search engine giant responded that it does not have access to the Aadhaar database and does not require any such information for operating its digital wallet platform Google Pay.