The submission has been made by Google in its affidavit filed before a bench of Chief Justice D N Patel and Justice Prateek Jalan in response to a PIL seeking action against ‘Google Pay’.
NEW DELHI: Google India Digital Services Pvt Ltd, which operates the GPay app, has told the Delhi High Court that it is allowed to share customers transaction data with third parties with the prior permission of NPCI and payment service providing (PSP) banks.
The submission has been made by Google in its affidavit filed before a bench of Chief Justice D N Patel and Justice Prateek Jalan in response to a PIL seeking action against ‘Google Pay’ (GPay) for allegedly violating the RBI’s guidelines related to data localisation, storage and sharing.
The high court on Thursday listed the matter for hearing on November 10 as the Centre and Reserve Bank of India (RBI) have not filed their responses yet.
Google, in its affidavit, has contended that under the Unified Payment Interface (UPI) procedural guidelines, issued by the National Payments Corporation of India (NPCI), apps like GPay are permitted to share customers transaction data with third parties and group companies with prior permission of NPCI and PSP banks.
It has also said that GPay only stores ordinary customer data — like name, address, email ID and transaction related details — in accordance with the NPCI guidelines and not payment sensitive data like debit card number or UPI PIN.
A customer’s payment sensitive data is stored only on the servers of the PSP bank, it has claimed.
Also Read: Samsung Galaxy F41 to launch on October 8 in India; Flipkart listing goes live
The affidavit was filed in response to the petition by advocate Abhishek Sharma who has sought a direction to Google not to share any data from UPI switch with any other party.
Google has contended that it was complying with the NPCI procedural guidelines which govern functioning of all third party application providers (TPAPs) like GPay.
It has also claimed that the petition was not maintainable as Sharma has available to him several alternate remedies like the customer care feature in the app or approaching the NPCI in accordance with the Payment and Settlement Systems Act of 2007 or asking RBI to exercise its supervisory jurisdiction.
Google has further contended that there are other TPAPs like GPay, but the petition has been “selectively filed” against it.
Sharma, in his plea, has also sought a direction to Google to give an undertaking to not store data on its app under UPI ecosystem and further not to share it with any third party, including its holding or parent company.
The plea has claimed that the company was storing personal sensitive data in contravention of UPI procedural guidelines of October 2019, which allows such data to be stored only by PSP bank systems and not by any third party application.
Google has denied the claim, saying customers’ payment sensitive data is stored with the PSP banks and GPay only accesses it in accordance with the guidelines.
It has also denied the allegation that it accesses customers’ location to gain revenue from offering highly targeted or personalised advertising opportunities to advertisers.