- The PIL seeks directions to ensure that the data collected by the third-party UPI platforms such as Google Pay and Amazon Pay is not misused.
- The petitioner has requested RBI and NPCI to ensure that the data collected by these platforms is not shared with their parent entities.
- The Reserve Bank of India has informed the supreme court that the responsibility to ensure that tech giants comply with laws governing UPI lies with NPCI, not with RBI.
Reacting to the PIL filed by CPI MP Binoy Viswam, The Supreme Court Of India, on February 1, sought responses from Google, Amazon, Facebook, WhatsApp to a plea that seeks to ensure data privacy of users’ on their UPI platforms.
The Public Interest Litigation (PIL) filed by Binoy Viswam seeks directions to the Reserve Bank Of India (RBI) and National Payments Corporation Of India (NPCI) to ensure users that the data collected by the third-party UPI platforms such as Google Pay, Amazon Pay, Paytm, PhonePe is not misused by these companies.
CPI MP Binoy Viswam had earlier filed a petition regarding the same users’ data privacy concern in October 2020.
On February 1, A bench headed by Chief Justice Sharad Arvind Bobde issued a notice to WhatsApp India, after Advocate Krishnan Venugopal, appearing on behalf of the petitioner, said that despite the petition being pending for months, WhatsApp and its parent Facebook hadn’t filed counter-affidavits in the matter.
Further, The Chief Justices SA Bobde, AS Bopanna, and V Ramasubramanian said, If WhatsApp does not file its reply in this matter, then the petition filed by CPI MP Binoy Viswam will be taken as accepted.
Senior Advocate Arvind Datar, appearing for WhatsApp, said that the detailed counter would be filed by the company.
The petitioner has requested RBI and NPCI to ensure that the data collected by these platforms for facilitating payments services are not misused and not shared with their parent entities.
It was claimed that the RBI and NPCI have allowed Amazon, Google, and Facebook to enter the UPI payments ecosystem without much scrutiny. “This conduct of the RBI and the NPCI puts the sensitive financial data of Indian users at huge risks, especially when these entities have been continuously accused of abusing dominance, and compromising data, among other things,” the earlier petition said.
Meanwhile, responding to the plea, The RBI had filed a counter-affidavit claiming that the responsibility to ensure that Google, Amazon, Facebook, and WhatsApp comply with laws governing UPI lies with NPCI, not with RBI.
In an affidavit filed before the Supreme Court in December 2020, the RBI said Third-Party App Providers (TPAPs) are not given any sanction by the RBI under the Payment and Settlement Systems Act, 2007 (PSS Act).
“They are not system providers as defined in Section 2(q) of the PSS Act, i.e. authorized payment system operators, and therefore they do not fall under the regulatory domain of RBI directly. On the other hand, NPCI is the system provider of UPI and, therefore, comes under the regulatory radar of RBI,” the RBI said.
The next hearing will now be heard after four weeks, by which time, all parties are required to file their responses to this matter.