Google appealed to Delhi High Court: Permit to Share GPay customer transaction data with NPCI approval
Google India Digital Services operating the Google Pay app, has informed the Delhi High Court that it is legal to share transaction data of the customers with third parties. It is possible with the prior authorization of payment service providing (PSP) and NPCI banks.
Before a bench of Justice Prateek Jalan and Chief Justice D N Patel, this report is submitted by Google in its affidavit filed in the response to a PIL looking for action against Google Pay for supposedly violating the RBI’s guidelines linked to data storage, localization, and sharing.
The next date for hearing the case is on November 10 by the high court. The reason is that the Reserve Bank of India (RBI) has not filed their replies yet. In an affidavit, Google has challenges that under the Unified Payment Interface (UPI) technical guidelines, approved by the National Payments Corporation of India (NPCI). An application such as Google Pay is allowed to share the transaction data of the customers with the third parties and group companies without prior permission of PSP and NPCI banks.
It has also stated that Google Pay can store the normal data of the customer such as name, address, email ID, and transaction linked information according to the guidelines made by NPCI and not payment sensitive information such as UPI PIN or debit card number. It has been claimed that the sensitive data of the customer payment can be stored just to servers of the PSP bank.
The affirmation was filed to answer to the petition made by advocate Abhishek Sharma who has wanted a direction to Google not to allocate any data from UPI switch with more parties. Google has challenged that it was meet the terms with the NPCI procedural guidelines which administer the functioning of third-party application providers (TPAPs) such as Google Pay.
It has also claimed that the appeal was not maintainable as Sharma has accessible to him numerous interchange remedies such as the customer care characteristic in the app or contacting the NPCI according to the Payment and Settlement Systems Act of 2007 or asking RBI to work out its decision-making authority.
Google has additionally contended that there are additional TPAPs such as Google Pay, but the appeal has been “selectively filed” favored it.
In his appeal, Sharma has also sought after a direction to Google to provide a responsibility to not store information on its app under UPI bionetwork and additionally not to share it with any third party which includes the parent of the holding company. The appeal also claimed that the company was storing the sensitive personal data in breaking of the UPI procedural strategy of October 2019, which permits the data to be stored just through PSP bank systems and not through the third party application.
Google has withdraw the claim, saying customers’ reimbursement sensitive data is stored with the Google Pay and PSP banks to access it as per the guidelines. Moreover, it has even denied the claim that it accesses the location of the customers’ to increase revenue from providing the best personalized and targeted advertising opportunities to promote.
