SUMMARY
The RBI has directed NPCI to block full-scale launch of WhatsApp Payments
WhatsApp is storing data outside India beyond permitted timelines, RBI claims
Concerns about data security following Pegasus spyware debacle also influenced RBI decision
Speculations on how WhatsApp Payments may not see the light of day any time soon have been proven right. Following the Pegasus spyware debacle, the Reserve Bank of India (RBI) has told the Supreme Court that WhatsApp is non-compliant with data localisation norms and that it has directed the National Payments Corporation of India (NPCI) to not allow a full-scale launch of the payments service by the Facebook-owned company.
WhatsApp Payments, which is based on the unified payments interface (UPI), has been delayed and stuck in beta for over a year.
RBI’s response came in the wake of the government reaching out to NPCI, which manages the UPI standard, and RBI’s larger concerns around data security in the social media platform’s payments service.
“The RBI has examined the said reports (by NPCI) and the responses of NPCI and is of the considered view that WhatsApp is storing the following payment data elements outside India beyond the permitted timelines indicated in the circular and frequently asked questions (FAQs) on storage of payments system data issued by RBI on June 26, 2019,” said RBI, as quoted by TOI.
What Went Wrong For WhatsApp
WhatsApp’s plan to have full-scale operations on UPI payments service hit the first roadblock when centre for accountability and systemic change (CASC) had filed a petition in the SC saying WhatsApp had not been complying with local laws. In its reply, WhatsApp claimed that it was complying with all local laws as India is its largest market with more than 400 Mn monthly active users.
Initially, Indian government’s main concern with WhatsApp was the widespread use of its platform to spread fake news, misinformation and other questionable content affecting national security. Then, following the complaints of the messaging platform being used to spy on individuals, the ministry of electronics and information technology (MeitY) has been working on formulating regulations for social media platforms including WhatsApp traceability.
Further adding to the woes of WhatsApp was the Pegasus spyware controversy. It was alleged that the instant messaging service platform was used by an Isreali spyware Pegasus to spy on Indian users, who are mostly journalists, academics, lawyers and activists. The government then started questioning WhatsApp’s capabilities to handle something as sensitive as digital payments.
Since then the government claimed that WhatsApp hadn’t shared any information regarding the breach, while the latter claimed it made two submissions about the breach in May and September. However, IT ministry officials said the report was vague and did not explain the breach clearly.
