New Delhi: RBI has told the Supreme Court that it has no responsibility to conduct audit of members of United Payments Interface (UPI) ecosystem and responsibility to ensure that private firms like Google and WhatsApp comply with norms lie with National Payments Corporation of India (NPCI).
The Reserve Bank of India (RBI), in its affidavit filed in the top court, also said that the matters related to data privacy and data sharing come under the domain of the Central Government.
The RBI's affidavit, which also sought dismissal of the PIL, was filed in response of a plea of Rajya Sabha MP Binoy Viswam seeking direction to it to frame regulation to ensure that data collected on UPI platforms is not exploited or used in any manner other than for processing payments.
A bench comprising Chief Justice S A Bobde and Justices A S Bopanna and V Ramasubramanaian Thursday fixed the plea of the Rajya Sabha MP for hearing on February 1.
The affidavit said it is submitted that RBI's directions issued vide circular dated April 6, 2018 on storage of payment system data pertain only to payment date storage and not sharing or privacy. RBI has not issued any instructions on data sharing by TPAPs (Third Party Application Providers) or the participants of UPI. Matters related to data privacy and data sharing come under the domain of Government of India.
It also said that the responsibility to ensure that companies like Amazon, Google and WhatsApp comply with the laws and norms governing the UPI lied with NPCI and not with RBI.
The affidavit said that since NPCI is the owner and operator of the UPI, it would be more appropriate for them to respond on the status of compliance of WhatsApp with the system rules /procedural guidelines governing UPI.
It also rejected the plea of the lawmaker that the RBI was under an obligation to audit the firms engaged in UPI transactions.
It is also denied that the RBI has the responsibility to conduct audit of the members of the UPI ecosystem, it said.
The federal bank said that earlier it had not taken any disruptive action against WhatsApp and Google as they were already providing customer services and later they complied with the conditions given in the RBI's circular.
Accordingly as WhatsApp and Google were already functioning as TPAPs and providing customer services at the time of issuance of the circular, no disruptive action against them was contemplated in the interest of general public . The same approach was followed by RBI with all the non-compliant entities which are similarly placed.
It may also be noted that NPCI was advised not to permit full scale operations of WhatsApp till the time they are fully compliant with the requirements of the RBI directions. NPCI subsequently allowed 'go live' of WhatsApp on UPI only after ensuring that WhatsApp was fully compliant with the circular, the affidavit said.
Earlier, WhatsApp had denied in the court the allegations that its data can be hacked by Israeli sypware Pegasus, which had led to a controversy last year over breach of privacy following claims that Indian journalists and human rights activists were among those globally spied upon by unnamed entities.
Prior to this, the apex court On October 15 last had issued notice to RBI and others on the plea of Viswam seeking direction for framing regulation to ensure that data collected on UPI platforms is not exploited or used in any manner other than for processing payments.
It had also sought responses of the Centre, Reserve Bank of India (RBI), National Payments Corporation of India (NPCI) and others including Google Inc, Facebook Inc, WhatsApp and Amazon Inc on the plea.