New Delhi: The Delhi High Court (HC) sought Monday response of the Centre and the Reserve Bank of India (RBI) on a plea seeking action against ‘Google Pay’ for allegedly violating the central bank’s guidelines related to data localisation, storage and sharing norms.
A bench of Chief Justice DN Patel and Justice Prateek Jalan issued notices to the authorities and also Google India Digital Service Pvt Ltd on the petition. It listed the matter for further hearing September 24.
The petition sought direction to Google India Digital Service to give an undertaking to not store data on its app under UPI ecosystem and further not to share it with any third party, including its holding or parent company.
Petitioner and advocate Abhishek Sharma sought direction to the company not to share any data from UPI switch with any other party.
The plea further sought to direct the RBI to take action and impose penalty on the company for its alleged serious violations of applicable laws.
“Respondent number 3 (Google India) launched, ‘Tez’, a mobile payments service targeted at users in India which later folded into the new ‘Google Pay’ app. ‘Google Pay’ is a third party app which facilitates payment in the UPI ecosystem and is able to do the same by partnering with various PSP/acquirer banks,” the plea said.
“Further, ‘Google Pay’ is regulated by respondent number 2 (National Payment Corporation of India) which is responsible for granting permission to Payment Service Provider (PSP) as Banks and to Third Party Apps (TPAs) to operate under the UPI network,” it said.
The plea claimed that the company was storing personal sensitive data in contravention of UPI procedural guidelines of October 2019, which allows such data to be stored only by PSP bank systems and not by any third party application.
However, ‘Google Pay’ being a third party application, despite strong mandate against storing personal sensitive data, is storing the same in utter disregard to the binding UPI procedural guidelines.
The plea sought direction to the RBI to take appropriate punitive action against the NPCI and revoke its authorisation to operate and regulate the UPI payment system, on account of risking customer payments data, its failure to audit Google India Digital Service Pvt Ltd and take any steps against it despite its acts of flagrant and serious non-compliance of applicable laws.