NPCI Not RBI Responsible To Ensure UPI Platforms Comply With Regulations : Reserve Bank Tells Supreme Court
In an Affidavit filed in a plea by Rajya Sabha MP from Communist Party of India, Binoy Viswam, the RBI has submitted that the responsibility to ensure that companies like Amazon, Google and WhatsApp to operate in compliance with laws governing Unified Payments Interface (UPI) lies with National Payments Corporation of India (NPCI), and not RBI. The plea in the instant matter seeks...
In an Affidavit filed in a plea by Rajya Sabha MP from Communist Party of India, Binoy Viswam, the RBI has submitted that the responsibility to ensure that companies like Amazon, Google and WhatsApp to operate in compliance with laws governing Unified Payments Interface (UPI) lies with National Payments Corporation of India (NPCI), and not RBI.
The plea in the instant matter seeks for directions to RBI and NPCI to ensure that the data of Indian citizens collected on Unified Payments Interface (UPI) platforms was not misused by WhatsApp, Google, Amazon and Facebook.
In this context, the Affidavit submits that the RBI has not given approval or authority to Third Party App Provider (TPAP) and therefore, they cannot be defined as "system providers" as per Section 2(q) of the Payment and Settlement Systems Act, 2007. Consequently, they do not fall under the regulatory domain of RBI directly.
"On the other hand, NPCI is the system provider of UP and, therefore, comes under the regulatory radar of RBI. Since it was NPCI that allowed Amazon, Google and WhatsApp to operate under UPI, the responsibility to ensure that these entities to comply with all the Rules/Regulations/Guidelines governing UPI lies with NPCI", contends the Affidavit.
It has also been submitted that RBI's directions issued vide circular dated April 6, 2018 on Storage of Payment System Data pertain only to payment data storage and not data sharing or privacy – "RBI has not issued any instructions on data sharing by TPAPs or the participants of UP. Matters related to data privacy and data sharing come under the domain of Government of India".
Further, the Affidavit states that the NPCI has been advised to not permitfull scale operation with regard to WhatsApp till the time they were full compliant with the requirements of the RBI directions – "NPCI subsequently allowed 'go live' of WhatsApp on UPI only after ensuring that WhatsApp was fully compliant with the circular".
In light of the above, the Affidavit prays that the reliefs sought by the Petitioner does not lie against RBI.
Filed by Advocate-on-Record Sriram Parakkat, the plea seeks for "the protection of fundamental right to privacy of millions of Indian citizens who are using Unified Payments Interface (UPI)". Notice was issued by the Supreme Court on 15th October, 2020.
Stating that in India, the UPI system is regulated and supervised by Respondents Reserve Bank of India and National Payments Corporation of India, the plea contends that they have failed to fulfil their statutory obligations of protecting and securing the sensitive data of users, thereby comprising their interest by allowing non-compliant foreign entities to operate its payment services in India.
The plea goes on to submit that RBI and NPCI "have permitted the three members of 'Big Four Tech Giants' i.e. Amazon, Google and Facebook/WhatsApp (Beta phase) to participate in the UPI ecosystem without much scrutiny and inspite of blatant violations of UPI guidelines and RBI Regulations".
This conduct of the two authorities, submits the plea, invariably puts the sensitive financial data of Indian users at huge risk, especially in light of the fact that the Big Four Tech Giants have been "continuously accused of abusing dominance, and compromising data, among other things". There is also a reference to the fact that CEOs of these entities had been directed to testify in a hearing before the Judiciary Committee of US Congress.
The Supreme Court on Thursday adjourned the hearing to February 1.
Click Here To Download Affidavit
[Read Affidavit]