In a counter-affidavit (“Affidavit”) filed by the Reserve Bank of India (“RBI”) in the case of Binoy Viswam v. Reserve Bank of India and Others [Writ Petition (C) 1038 of 2020], the RBI contends that the duty to ensure that companies such as Google Inc., Facebook’s new payment platform- WhatsApp Pay and Amazon, comply with regulations governing United Payments Interface (“UPI”) lies with the National Payments Corporation of India (“NPCI”) and not the RBI. The case pertains to public interest litigation filed by a member of the Indian parliament, Mr. Viswam, who has submitted that big technology companies are violating payments regulation and that their data collection practices violate the fundamental right to privacy of millions of Indian citizens. Mr. Viswam’s complaint was set to be heard by the Supreme Court of India on February 1, 2021, which has now been deferred for 4 (four) weeks. In the meantime, the respondents, which include the RBI, NPCI, Amazon Pay, Google Pay, and Facebook Inc., shall be filing their counter-affidavits with the court.
RBI’s Contention
The RBI has submitted in the Affidavit that the regulation of modern payment systems is a highly technical subject and any measure relating to the same needs to be taken with the utmost care. The RBI states that UPI, which is developed by the NPCI, works on a bank-led model and hence other non-banks such as WhatsApp Pay, Amazon Pay, and Google Pay cannot be direct participants of the UPI but have to be sponsored by a bank. Hence, such entities operate as Third-Party App Providers (“TPAPs”) and the RBI does not give any authorisation or approvals to such TPAPs as they are not ‘system providers’ under section 2(q) of the Payment and Settlement Systems Act, 2007. Therefore, such entities do not fall under the regulatory domain of the RBI. In this regard, it is the NPCI that provides for such authorisations and decisions to allow or reject an entity to operate on UPI is solely taken by the NPCI. The NPCI, however, is a systems provider of the UPI and would come within the regulatory authority of the RBI. In this regard, the RBI submitted that since it was the NPCI that provided authorisations to Google Inc., WhatsApp Pay, and Amazon Pay to operate on UPI, the duty to ensure compliance with all rules and regulations lies with the NPCI. In reply to Mr. Viswam’s contention that regulators are not toughening on entities such as WhatsApp Pay and Google Pay, which also has data privacy infringement risks, the RBI submitted that matters relating to data privacy and sharing come under the authority of the Government of India and not the RBI. In this regard, the RBI had issued a circular dated April 6, 2018, which stated that systems providers should ensure that all data relating to payments systems should be stored in India. However, the RBI submitted that this circular does not relate to data sharing or data privacy concerns, and pertains only to payments data storage.
BlockSuits Comments
It has been alleged in the complaint that the regulators are compromising the interest of Indian users by allowed such foreign entities to operate their payment services in India. Mr. Viswam’s complaint is based on big technology companies gaining access to large amounts of personal data and using their dominant position in the market for fulfilling their commercial purposes, a contention which has been relied on by various complaints against big technology companies, not only in India but also in countries such as Australia and United States.
Authored by Shivani Agarwal, Founder, and Samaksh Khanna, Co-founder.
Comments