On October 15, the apex court had sought responses from the Centre, Reserve Bank of India (RBI), National Payments Corporation of India (NPCI) and others including Google Inc, Facebook Inc, WhatsApp and Amazon Inc on the plea.
Viswam, the Communist Party of India (CPI) leader, has sought a direction to the RBI and the NPCI to ensure that data collected on Unified Payments Interface (UPI) platforms is not shared with their parent company or any other third party under any circumstances.
"In India, the UPI payments system is being regulated and supervised by Respondent no. 1 (RBI) and Respondent no. 2 (NPCI), however the RBI and the NPCI instead of fulfilling their statutory obligations and protecting and securing the sensitive data of users are compromising the interest of the Indian users by allowing the non-compliant foreign entities to operate its payment services in India," the plea has alleged.
"The RBI and NPCI have permitted the three members of 'Big Four Tech Giants' i.e. Amazon, Google and Facebook/WhatsApp (Beta phase) to participate in the UPI ecosystem without much scrutiny and in spite of blatant violations of UPI guidelines and RBI regulations," it claimed.
The plea has alleged that this conduct of RBI and NPCI put the sensitive financial data of Indian users at huge risks, especially when these entities have been "continuously accused of abusing dominance and compromising data", among other things.
It said these allegations have become particularly worrisome at a time when India has banned host of Chinese applications on the ground that those applications were or could be used for data theft and could lead to security breaches.
It has further sought a direction that RBI and NPCI should ensure that WhatsApp is not permitted to launch full scale operations of 'WhatsApp Pay' in India without fulfilling all legal compliances to the satisfaction of the court regarding requisite regulatory compliances.
It said that in April 2018, the RBI, with a view to secure the data of Indian users, had issued a circular directing all system providers to ensure that entire data relating to payment systems operated by them are stored in systems only in India and they were asked to ensure compliance by October 15, 2018.
The plea claimed that later, the RBI toned down the April 2018 circular by issuing Frequently Asked Questions (FAQs) and permitted processing of all payment transaction abroad, including domestic transactions.
In the said FAQ it was clarified that in cases of data processing done abroad, the data should be deleted from the systems abroad and brought back to India within 24 hours, the plea said.
It has sought the apex court's direction to declare the FAQ dated June 26, 2019 issued by the RBI as ultra vires to the circular dated April 6, 2018.
The plea referred to another pending petition in the apex court and said that in that matter, the counsel appearing for WhatsApp had undertook that his client would not go ahead with payment services without complying with all the regulation in force.
It alleged that Google and Facebook already have access to "immense personal data of millions of Indian users" and if they are permitted to collect "unrestricted financial data" of Indian users while operating at the UPI platform, the same would give them "draconian control" over sensitive Indian data.
SEE ALSO:
Mumbai’s massive power cut last month may have been the work of hackers
Vodafone Idea soars nearly 5% on fund infusion from Indus Towers stake sale
PUBG Mobile India was rumoured to launch today — but there is no official update from the company