Print Friendly, PDF & Email

Google Pay violation: HC seeks reply from govt. RBI

Topics Covered: Awareness in the fields of IT, Space, Computers, robotics, nano-technology, bio-technology and issues relating to intellectual property rights.

Google Pay violation: HC seeks reply from govt., RBI:


Context:

The Delhi High Court has sought response of the Centre and the Reserve Bank of India (RBI) on a plea seeking action against ‘Google Pay’ for allegedly violating the central bank’s guidelines related to data localisation, storage and sharing norms.

What’s the issue?

A petition was filed in the court seeking to impose penalty on the company for alleged violations of laws.

The plea claimed that the company was storing personal sensitive data in contravention of UPI procedural guidelines of October 2019, which allows such data to be stored only by Payment Service Provider [PSP] bank systems and not by any third-party application.

A timeline of the RBI’s localisation mandate for payments data:

  1. April 2018: the localisation circular surfaces: The RBI told all payments system operators in India to ensure that payments-related data was stored within the country and gave the companies six months to comply. The RBI wanted data stored locally “to have unfettered access to all payment data for supervisory purposes”.
  2. July 2018, Finance ministry tries to step in: The Finance Ministry eased the RBI’s directive for foreign payment firms, saying that mirroring a copy of the data in India would be sufficient.
  3. In July, the Data Protection Bill mandated localisation:The long-awaited draft Data Protection Bill 2018 was submitted to the government, adding to the confusion. The bill overrode all sectoral regulators and therefore all their directives. It mandated that all data fiduciaries store a copy of users’ personal data in India. It also required mandatory storage of ‘critical personal data’ within India only. The bill, however, failed to explicitly define ‘critical data’.
  4. September 2018, RBI asks for updates on local storage: The RBI asked payment companies to send it fortnightly updates about their progress on local storage of payments data.
  5. October 2018, RBI circular comes into effect: The RBI’s circular on localisation of payments data came into effect.
  6. February 2019:The Department for Promotion of Industry and Internal Trade released a Draft E-commerce Policy, which included strategies for regulating access to data, mandating data storage requirements, and controlling cross-border data flows. Data localisation may now be left out of the e-commerce policy, and left to the jurisdiction of the Data Protection Bill.

Why data localization is necessary for India?

  • For securingcitizen’s data, data privacy, data sovereignty, national security, and economic development of the country.
  • The extensive data collection by technology companies, has allowed them to process and monetize Indian users’ data outside the country. Therefore, to curtail the perils of unregulated and arbitrary use of personal data, data localization is necessary.
  • With the advent of cloud computing, Indian users’ data is outside the country’s boundaries, leading to a conflict of jurisdiction in case of any dispute.

InstaLinks:

Prelims Link:

  1. What is data localisation?
  2. What is Unified Payments Interface?
  3. Overview of the Personal Data Protection Bill, 2019.
  4. National Payments Corporation of India- Key Functions.

Sources: the Hindu.