With the ongoing data localisation debate intensifying further in India, digital payments giant Paytm has raised objections against global search giant Google’s payments services — Google Pay — sharing payments data with its group companies in the country. Not only this, the company has also taken up the stand for government’s data localisation policy, which it expects to be beneficial for the Indian startup ecosystem.
In a letter to the National Payments Corporation of India (NPCI) chief Dilip Abse, Paytm pointed out that Google has the scope of sharing the payments data of Indian consumers with affiliate companies and third-party users.
“Google Pay, which is an unregulated platform, has the scope of using their customers’ data for their monetary gains with complete disregard for the users’ need for privacy. Google sharing and storing user data outside India presented severe security implications in case of a data breach,” Paytm wrote in the letter.
In April, the Reserve Bank of India (RBI) had asked all payment system operators in the country to store data relating to their customers in India to ensure that user details remain secure in case of privacy breaches. Payment companies have been given time until October 15 to comply with these guidelines.
However, since the first circular in April, the RBI has not put out any updates on the matter, increasing anxiety among industry players.
“Recently, WhatsApp was directed to stop sharing users’ data with its parent company, Facebook. In light of this, it is disconcerting that Google Pay is sharing its users’ critical personal data with Google, group companies, payment participants,” the letter added.
A Google spokesperson told Inc42, “Google Pay users have a direct relationship with Google — as per Google Pay terms of service a Google Account is opened with Google LLC. A common Google Account allows for checks and controls required for managing risk, fraud, spam and for enhancing security measures, that are applied across Google products. It runs as a common thread across Google products allowing for seamlessness of service that a user can avail of and benefit from. Google does not use any individual UPI transactions data for any monetisation purpose e.g. for advertisements.”
In another letter to the top executives of IAMAI and the Payments Council of India, Paytm said, “This is the moment for us to support our nation and promote ‘Data Sovereignty’ over ‘Data Monopolisation,’ which is possible through data localisation.”
Paytm also said the country needs a strong consumer data protection framework that respects the privacy concerns of citizens, and a level playing field for the Indian startup ecosystem with respect to global tech giants.
Apart from Alibaba and Paytm, global companies such as Google, Microsoft, Xiaomi, and VMW, among others, have come forward to support the government’s move for data localisation. Recently, Alibaba Cloud president Simon Hu said that the company was keen on data localisation in every country to promote data security.
From the past few months, Paytm has been urging the government to push for storage of customer data within the country and for not allowing mirroring of the data overseas.
It was also reported that global search giant Google has agreed to abide by all the RBI requirements but has sought around two months extra to comply with the guidelines. In a media interaction, Google CEO Sundar Pichai also pitched in for a free flow of cross-border data on the Internet, emphasising on security and privacy of users.
Recently, the payments app Google Tez (since renamed Google Pay) garnered around 25 Mn monthly active users who have collectively carried out 860 Mn worth of transactions.
[The development was reported by ET.]
Update 1: September 21, 2018 at 16:17 hours
The story has been updated to add more clarity in line with the latest developments. Earlier the story talked about only one letter sent to NPCI. However, later in the day, ET also reported about another letter shared by Paytm with the NPCI.