The conflict regarding snooping of WhatsApp users using Israeli spy software 'Pegasus' found a citing in the Supreme Court on 9th December 2020.
Rajya Sabha MP Binoy Viswam filed a plea alleging breach of financial data security of Indians using UPI services by Amazon, Google, and WhatsApp.
The Pegasus issue was referred by senior advocate Krishnan Venugopal, appearing for Rajya Sabha MP Binoy Viswam, who has filed a plea alleging breach of financial data security of Indians using 'Unified Payments Interface (UPI) services by Amazon Pay, Google Pay, and others.
A bench headed by Chief Justice SA Bobde referred to Venugopal's submission and told senior advocate Kapil Sibal, who was appearing for WhatsApp, that a serious allegation was made against WhatsApp that it can be hacked.
Sibal, while denying the allegations, said, "Absolutely baseless. There is no such pleading (in the writ petition). It is just an oral submission made across the bar without basis."
Petitioner's submission in SC with regards to major issues of UPI platforms:
Venugopal also asserted that another issue in the case was data localisation.
"Problem with WhatsApp, Amazon, and Google is that when they allow payment to happen and data goes abroad. Critical financial data is allowed to be accessed by companies abroad and RBI justifies it. This is a violation of privacy judgment as my data is being grossly misused as these companies then collect this data and use it for advertisement purposes," Venugopal said.
He added that all the data is being shared with the parent companies in violation of the National Payments Corporation of India (NPCI) guidelines.
"The data is being processed by the infrastructure of the parent company. The RBI has allowed WhatsApp, even when the case is pending before the court, to go ahead and share this data with companies like Google, Amazon, Facebook, etc without any circular or formal regulation," Venugopal further argued.
The bench was hearing a PIL filed by Viswam, a Communist Party of India (CPI) leader, who has alleged breach of financial data security of Indians using UPI services offered by big players like Amazon Pay, Google Pay and challenging the permission to WhatsApp to start UPI services.
The plea also sought directions to the Reserve Bank of India for framing regulation to ensure that data collected on UPI platforms are not "exploited" or used in any manner other than for processing payments.
On October 15, 2020 the apex court had sought responses from the Central government, RBI, National Payments Corporation of India (NPCI) and others including Google, Facebook, WhatsApp, and Amazon on the plea.
Viswam has sought directions to the RBI and the NPCI to ensure that the data collected on UPI platforms is not shared with their parent company or any other third party under any circumstances.
"In India, the UPI payments system is being regulated and supervised by RBI and NPCI, however, the RBI and the NPCI instead of fulfilling their statutory obligations and protecting and securing the sensitive data of users are compromising the interest of the Indian users by allowing the non-compliant foreign entities to operate its payment services," the plea said.
"The RBI and NPCI have permitted the three members of "Big Four Tech Giants'', Amazon, Google and Facebook/WhatsApp (Beta phase) to participate in the UPI ecosystem without much scrutiny and in spite of blatant violations of UPI guidelines and RBI regulations," it added.
The plea claimed that this conduct of RBI and NPCI put the sensitive financial data of Indian users at huge risks, especially when these entities have been "continuously accused of abusing dominance and compromising data", among other things.
After a brief hearing, the apex court posted the matter for further hearing in January, 2021.