NRI Dunia
Think Outside The Box

SC to hear on Nov 23 plea for regulation to ensure UPI platform data not exploited

The Supreme Court Friday said it would hear on November 23 the plea filed by Rajya Sabha MP Binoy Viswam seeking direction to the RBI for framing regulation to ensure that data collected on UPI platforms are not “exploited” or used in any manner other than for processing payments.

The matter came up for hearing before a bench comprising Chief Justice SA Bobde and Justices AS Bopanna and V Ramasubramanian which listed it for hearing next week.

On October 15, the Apex Court had sought responses from the Centre, the Reserve Bank of India (RBI), the National Payments Corporation of India (NPCI) and others including Google Inc, Facebook Inc, WhatsApp and Amazon Inc on the plea.

Viswam, the Communist Party of India (CPI) leader, has sought a direction to the RBI and the NPCI to ensure that data collected on Unified Payments Interface (UPI) platforms was not shared with their parent company or any other third party under any circumstances.

“In India, the UPI payments system is being regulated and supervised by Respondent no. 1 (RBI) and Respondent no. 2 (NPCI), however, the RBI and the NPCI instead of fulfilling their statutory obligations and protecting and securing the sensitive data of users are compromising the interest of the Indian users by allowing the non-compliant foreign entities to operate its payment services in India,” the plea has alleged.

“The RBI and the NPCI have permitted the three members of ‘Big Four Tech Giants’ i.e. Amazon, Google and Facebook/WhatsApp (Beta phase) to participate in the UPI ecosystem without much scrutiny and in spite of blatant violations of the UPI guidelines and the RBI regulations,” it claimed.

The plea has alleged that this conduct of the RBI and the NPCI put the sensitive financial data of Indian users at huge risks, especially when these entities have been “continuously accused of abusing dominance and compromising data”, among other things.

It said these allegations have become particularly worrisome at a time when India has banned a host of Chinese applications on the ground that those applications were or could be used for data theft and could lead to security breaches.

It has further sought a direction that the RBI and the NPCI should ensure that WhatsApp was not permitted to launch full-scale operations of ‘WhatsApp Pay’ in India without fulfilling all legal compliances to the satisfaction of the court regarding requisite regulatory compliances.

It said that in April 2018, the RBI, with a view to secure the data of Indian users, had issued a circular directing all system providers to ensure that entire data relating to payment systems operated by them are stored in systems only in India and they were asked to ensure compliance by October 15, 2018.

The plea claimed that later, the RBI toned down the April 2018 circular by issuing Frequently Asked Questions (FAQs) and permitted processing of all payment transactions abroad, including domestic transactions.

In the said FAQ it was clarified that in cases of data processing done abroad, the data should be deleted from the systems abroad and brought back to India within 24 hours, the plea said.

It has sought the apex court’s direction to declare the FAQ dated June 26, 2019, issued by the RBI as ultra vires to the circular dated April 6, 2018.

The plea referred to another pending petition in the apex court and said that in that matter, the counsel appearing for WhatsApp had undertaken that his client would not go ahead with payment services without complying with all the regulation in force.

It alleged that Google and Facebook already have access to “immense personal data of millions of Indian users” and if they are permitted to collect “unrestricted financial data” of Indian users while operating at the UPI platform, the same would give them “draconian control” over sensitive Indian data.