Industr

GPay allowed to share customer’s UPI data under law: Google

A customer’s payment sensitive data is stored only on the servers of the PSP bank, Google has claimed. Photo: Twitter/@GooglePay  

Google India Digital Services Limited on Thursday told the Delhi High Court that its GPay App, being a TPAPs (Third Party Application Providers), is allowed under the law to share customer’s UPI (Unified Payments Interface) transaction data with third parties and group companies.

In an affidavit, Google India said the National Payments Corporation of India’s (NPCI) ‘procedural guidelines’ do not impose an absolute prohibition or restriction on a TPAP’s ability to share data or information, if it was done with prior permission of the NPCI and the bank concerned.

It said the NPCI’s procedural guidelines make a clear distinction between ‘Customer Data’ (name, mobile number, gender, address, email ID, location etc.) and ‘Customer Payment Sensitive Data’ (account number, expiry date of debit card, last six digits of debit card, UPI PIN etc.).

Google India said while it was permitted to store ‘Customer Data’ it was not permitted to store ‘Customer Payment Sensitive Data’.

Location info

Google India further stated that it collects location information from the customers for the purpose of detecting suspicious activities and fraud. It said there is no regulatory or statutory prohibition on GPay from accessing, collecting, storing and processing the location data of the customers for transactional security.

It also stated that GPay terms of service clearly say that UPI transaction data will not be used for any monetisation purpose such as advertisements by any entity other than Google India.

The tech-giant’s submission came in response to a petition by advocate Abhishek Sharma seeking action against GPay for allegedly violating the central bank’s guidelines related to data localisation, storage and sharing norms.

The plea claimed that the company was storing personal sensitive data in contravention of UPI procedural guidelines of October 2019, which allows such data to be stored only by Payment Service Provider (PSP) bank systems and not by any third party application.

The plea sought direction to the RBI to take appropriate punitive action against the NPCI and revoke its authorisation to operate and regulate the UPI payment system, on account of risking customer payments data, its failure to audit Google India Digital Service Pvt Ltd and take any steps against it despite its acts of flagrant and serious non-compliance of applicable laws.

The High Court will hear the case on November 10.

Comments
Related Articles
Recommended for you
  1. Comments will be moderated by The Hindu editorial team.
  2. Comments that are abusive, personal, incendiary or irrelevant cannot be published.
  3. Please write complete sentences. Do not type comments in all capital letters, or in all lower case letters, or using abbreviated text. (example: u cannot substitute for you, d is not 'the', n is not 'and').
  4. We may remove hyperlinks within comments.
  5. Please use a genuine email ID and provide your name, to avoid rejection.

Printable version | Sep 25, 2020 12:52:15 AM | https://www.thehindu.com/business/Industry/allowed-to-share-gpay-customer-transaction-info-with-third-parties-with-npci-permission-google-to-bombay-hc/article32686687.ece

© THG PUBLISHING PVT LTD.

Next Story