The Supreme Court Monday asked instant messaging app WhatsApp to file response on a plea seeking a direction to the RBI and the NPCI to ensure that data collected on Unified Payments Interface (UPI) platforms are not shared with their parent company or any other third party under any circumstances.
A bench of Chief Justice S A Bobde and Justices A S Bopanna and V Ramasubramanian said if WhatsApp does not file its reply, then the averment made in the writ petition filed by petitioner Rajya Sabha MP Binoy Viswam will be taken as accepted.
Several interlocutory applications have been filed in the plea which also seek direction for framing regulation to ensure that data collected on UPI platforms is not exploited or used in any manner other than for processing payments.
Senior advocate Arvind Dattar, appearing for WhatsApp India, said however no formal notice has been issued to it in the plea for impleadment in the matter.
Senior advocate V Giri, appearing for Reserve Bank of India, informed the top court that they have filed their reply in the matter.
Senior advocate Kapil Sibal, also appearing for WhatsApp, said ‘WhatsApp Pay’ has received all necessary permission.
Senior advocate Krishna Venugopal, appearing for the petitioner, said the last time the court asked the company if Israeli sypware Pegasus has breached their system, it stated that the issue was not pleaded in the petition, which is wrong.
The bench said that it proposes that the petition be tagged with a similar plea pending in the top court and asked the Centre to file an affidavit on the issue of spyware.
Venugopal said that till date Facebook and WhatsApp have not filed a counter-affidavit in the matter, despite the petition being pending for months and they should also be asked to file counter-affidavit.
In its affidavit, the RBI has told the top court that it has no responsibility to conduct audit of members of United Payments Interface (UPI) ecosystem and responsibility to ensure that private firms like Google and WhatsApp comply with norms lies with National Payments Corporation of India (NPCI).
The RBI also said that the matters related to data privacy and data sharing are the domain of the central government.
It also sought dismissal of the PIL filed by Viswam seeking direction to it to frame regulation to ensure that data collected on UPI platforms is not exploited or used in any manner other than for processing payments.
The affidavit said: It is submitted that RBI’s directions issued vide circular dated April 6, 2018 on storage of payment system data pertain only to payment date storage and not sharing or privacy.
RBI has not issued any instructions on data sharing by TPAPs (Third Party Application Providers) or the participants of UPI. Matters related to data privacy and data sharing come under the domain of Government of India.
It said that since NPCI is the owner and operator of the UPI, it would be more appropriate for them to respond on the status of compliance of WhatsApp with the system rules /procedural guidelines governing UPI”.
Earlier, WhatsApp had denied in the court the allegations that its data can be hacked by Israeli sypware Pegasus, which had led to a controversy last year over breach of privacy following claims that Indian journalists and human rights activists were among those globally spied upon by unnamed entities.
Prior to this, the apex court on October 15, last year had issued notice to RBI and others on the plea of Viswam seeking direction for framing regulation to ensure that data collected on UPI platforms is not exploited or used in any manner other than for processing payments.
It had also sought responses of the Centre, RBI, NPCI and others including Google Inc, Facebook Inc, WhatsApp and Amazon Inc on the plea.
The RBI and NPCI have permitted the three members of ‘Big Four Tech Giants’ i.e. Amazon, Google and Facebook/WhatsApp (Beta phase) to participate in the UPI ecosystem without much scrutiny and in spite of blatant violations of UPI guidelines and RBI regulations, the plea has claimed.
The plea has alleged that this conduct of RBI and NPCI put the sensitive financial data of Indian users at huge risks, especially when these entities have been continuously accused of abusing dominance and compromising data , among other things.
It said these allegations have become particularly worrisome at a time when India has banned host of Chinese applications on the ground that those applications were or could be used for data theft and could lead to security breaches.
It has further sought a direction that RBI and NPCI should ensure that WhatsApp is not permitted to launch full scale operations of ‘WhatsApp Pay’ in India without fulfilling all legal compliances to the satisfaction of the court regarding requisite regulatory compliances.