A PIL has been filed by Rajya Sabha MP, BinoyViswam in the Supreme Court seeking protection of financial data of Indian Citizens collected on Unified Payments Interface (UPI) platforms which is misused by corporations.
Appealing the Right to Privacy of all Indians using this platform, it is affirmed that the Reserve Bank of India (RBI) and National Payments Corporations of India (NPCI) to come up with regulations and are statutorily obligated for the protection of sensitive information and data of these users. On the contrary, the PIL is filed against Google, Amazon, WhatsApp alleging that they are not complying with the operating payments system in India and are allowed to operate services by RBI and NPCI. Thus, it is submitted that instead of securing the data of Indian users and protecting their Right to Privacy, despite alleged violations of UPI guidelines, the RBI and NPCI compromising the interest of people & its citizens, putting the sensitive financial data of users at high risk.
The Central Bank has been directed to follow the regulations and has adequate measures to avoid misuse and mislead of personal data derived from the UPI transactions.
In the advancement of his concern, the Communist Party (CPI) leader affirms with confidence that giant corporations such as WhatsApp, Amazon, and Google were in a simple and sparse way scrutinized and inspected before participating in the UPI ecosystem despite violations of RBI regulations. Such giant corporations having a history of misusing their dominating position and compromising data collected on their platforms, it is further prayed that RBI and NPCI be directed to ensure data collected by such corporations during payment facilitation is not shared with the parent company or any third parties under any circumstances.
Viswam dramatizes allowing these giants, who are known to misuse data and go against their statement, without proper inspection and without affixing responsibility, to operate on the UPI platform is contrary to the public interest. Providing evidence to support this argument, it is pointed out that India recently banned a number of Chinese Applications due to their potential risk of data theft and security violations.
The RBI and NPCI did not only fail to actively look into these corporations before allowing them to operate on UPI, the petitioner argue that RBI issued certain FAQs with regard to a circular from April 2018 in order to help these corporations comply with certain conditions which needed to be complied with for the operation of UPI services. Specifically mentioning Google and WhatsApp, Viswam elaborates that the FAQ’s outgiving certain necessary conditions that needed to be complied with in accordance with the April 2018 circular.
Claiming that these FAQ’s are Ultra Vires the circular of April 2018, it is urged that participants must follow the requirements of the said circular in letter and spirit.
The petition filed by advocate Sriram Parakkat highlighted that it was WhatsApp’s admitted position as on June 5 this year that it was yet to comply with data localization norms and added that RBI and NPCI still failed to take any action against the WhatsApp.
Therefore, specifically with regard to the messaging applications, he prayed that it should not be permitted to launch its full-scale payment service until all the requirements and norms are complied with.