The Hon’ble Supreme Court on Monday sought a firm reply from instant messaging app WhatsApp to file a response to safeguard all the UPI (Unified Payments Interface) data and ensure that data collected on the platform is not leaked or shared with its parent company or any other third party under any circumstances.
The bench comprising Chief Justice S A Bobde and Justices A S Bopanna and V Ramasubramanian said if WhatsApp does not file its reply, then the averment made in the writ petition filed by petitioner Rajya Sabha MP Binoy Viswam will be granted assertion.
Several interlocutory applications have been recorded and filed that seek directions to look for outlining guidelines and framing regulations to guarantee that information gathered on UPI platforms isn’t “exploited” or utilized in any way other than for processing payments.
Senior Advocate V Giri, appearing for Reserve Bank of India, informed the top court that they have filed their reply in the matter whereas Senior advocate Arvind Datar, representing WhatsApp India said that no formal notice has been issued to it in the plea for impleadment in the matter.
Senior advocate Kapil Sibal, also appearing for WhatsApp, said ‘WhatsApp Pay’ has received all necessary and due permissions.
Senior Advocate Krishna Venugopal, appearing for the petitioner, said the last time the court inquired as to whether Israeli spyware Pegasus had breached their framework and system, it expressed that the issue was not argued or carried in the appeal, which is wrong.
The bench said that it suggests that the appeal be labelled with a similar pending plea from top court and requested the Center to file an affidavit on the issue from spyware.
Venugopal also stated that till date Facebook and WhatsApp have not filed a counter-affirmation in the issue, in spite of the request being pending for quite a long time and they should also be asked to file counter-affidavits.
In its affidavit, the RBI has told the top court that it has no duty to lead “audit of members of United Payments Interface (UPI) ecosystem” or has any obligation to check that private firms like Google and WhatsApp follow the standards that lie with National Payments Corporation of India (NPCI). The RBI also said that the matters related to “data privacy and data sharing” are the domain of the central government.
Dismissal is also sought for the PIL filed by Viswam seeking direction to it to frame regulation to ensure that data collected on UPI platforms are not “exploited” or used in any manner other than for processing payments.
The affidavit in the matter stated, “It is submitted that RBI’s directions issued vide circular dated April 6, 2018 on storage of payment system data pertain only to payment date storage and not sharing or privacy”.
The affidavit also mentions that RBI has not issued any instructions on Third Party Application Providers or participants of UPI and the matters related to data privacy and data sharing come under the domain of Government of India.
It said that since NPCI is the owner and operator of the UPI, it would be more appropriate for them to react on the status of “consistence / compliance of WhatsApp with the rules/procedural rules overseeing UPI”.
Earlier, WhatsApp had denied in the court the charges that its information can be hacked by Israeli spyware Pegasus, which had prompted a controversy a year ago over breach of security and privacy following cases that Indian journalists and activists were among those internationally spied upon by anonymous entities.
Last Year on October 15, 2020 the Apex Court had also issued notice to RBI and others on the plea of Viswam seeking direction for framing regulation to ensure that data collected on UPI platforms is not misused other than for processing payments and had sought a response from the Centre, RBI, NPCI and others including Google Inc, Facebook Inc, WhatsApp and Amazon Inc on the plea.
The plea has affirmed that this conduct of RBI and NPCI put the delicate monetary or financial information of Indian clients at immense risk, particularly when these entities have been “continuously accused of abusing dominance and compromising data”, among other things.” and the allegations became more worrisome when India had restricted the host of Chinese applications on the ground that those applications were or could be utilized for information theft and could prompt security breaches.
The SC has further sought a direction that RBI and NPCI should ensure that WhatsApp is not permitted to launch full-scale operations of ‘WhatsApp Pay’ in India without first fulfilling all legal compliances to the satisfaction of the court regarding requisite any regulatory compliances.