SC Notice To Govt, Google, Amazon, Facebook Over UPI Data Security

The Supreme Court has issued notice to Centre, Google, Amazon and Facebook/WhatsApp over a petition filed by CPI MP Binoy Viswam seeking data protection of transactions made over Unified Payments Interface (UPI).

A three-judge bench headed by Chief Justice of India SA Bobde said, “We will issue notice. Here there is apprehension that the entire regime of payments will commence before the entire regulatory framework is put in place.”

Senior advocate Shyam Divan appearing for Viswam said that RBI issued an order in April 2018 asking these multinational firms to ensure data transacted on these forums is secured in a server within India. This was to be compiled by October 2018. This was not done, Divan said.

He further informed the court that WhatsApp stores data with its parent company Facebook having servers outside India, reported HT.

The Rajya Sabha MP had on September 10 filed a plea claiming that the three Big Tech companies have been allowed to participate in the payments space without much scrutiny and inspite of blatant violations of UPI guidelines and RBI regulations.  Viswam, seeking SC’s intervention, said that the right to privacy of Indian citizens is to be protected from misuse by the “giant corporations for (their) financial ends.”

In April 2018, the RBI with a view to secure the data of Indian users issued a circular directing all system providers to ensure that the entire data relating to payment systems operated by them are stored in systems only in India. 

Big Tech’s Brush With Data Security Regulations

Amazon, Facebook and Google have been jolted by certain data regulation proposals tabled by a government panel. According to a Reuters report published last month, a group representing tech giants is preparing to push back against the proposals.

The government-appointed panel had recommended in July that a regulator should be set up to keep a watch on data that is anonymised or devoid of personal details but critical for companies to build their businesses.  The panel suggested a mechanism for companies to share data with others — even competitors — saying this would spur the digital ecosystem. If the recommendations are accepted by the government, it will form the basis of a new law to regulate such data.

Moreover, a data protection bill has been drafted with stringent norms that seek to regulate “non-personal” data recorded by tech giants such as Amazon, Facebook and Google. Apart from these recommendations, tech giants have been facing numerous roadblocks with respect to the use and storage of data, especially for financial services. 

WhatsApp’s payments service has been stuck in the beta phase for over a year now. First, it had to comply with data localisation norms and then a plea was filed in the apex court highlighting that WhatsApp was a social media platform bundled with the payments feature. 

Google Pay also has had its share of problems with litigation. Last month, a petition was filed in the Delhi High Court claiming that the payments platform had “unauthorised access to the Bhim Aadhaar – Unified Payments Platform”.

The search engine giant responded that it does not have access to the Aadhaar database and does not require any such information for operating its digital wallet platform Google Pay.

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.