RBI To Supreme Court: Whatsapp Not Compliant With Local Norms And Must Not Get Nod To Start Payments Business
[ By Bobby Anthony ]The Reserve Bank of India (RBI) has informed the Supreme Court that the Facebook- owned WhatsApp messaging platform is not compliant with Indian data localization norms and hence cannot be allowed to set up its digital payments service in India.The RBI has also directed the National Payments Corporation of India (NPCI) not to allow a full-scale launch of digital...
The Reserve Bank of India (RBI) has informed the Supreme Court that the Facebook- owned WhatsApp messaging platform is not compliant with Indian data localization norms and hence cannot be allowed to set up its digital payments service in India.
The RBI has also directed the National Payments Corporation of India (NPCI) not to allow a full-scale launch of digital payments business by WhatsApp on the Unified Payments Interface (UPI) until it fully complies with local Indian norms.
“The RBI has examined the said reports (by NPCI) and the responses of NPCI and is of the considered view that WhatsApp is storing the following payment data elements outside India beyond the permitted timelines indicated in the circular and frequently asked questions (FAQs) on storage of payments system data issued by RBI on June 26, 2019,” the RBI has stated.
According to the RBI, WhatsApp stores various payment data elements outside India which include transaction ID, expiry of collect request, and retrieval reference number among other data elements.
“When a customer raises a dispute, WhatsApp application (client) logs, query screenshots uploaded by a customer, and consumer email message are shared with the support team located in Hyderabad and USA and are stored for a period of 90 days. Although the logs do not contain payment data as contended by auditor, screenshots uploaded by customers and customer email message may contain payment data,” the RBI stated.
While WhatsApp has sued Israel’s NSO group in a US district court for placing spyware ‘Pegasus’ on its users across the world, including India, the matter has raised serious questions over the security of the platform for users and their data. However, RBI’s response does not mention the spyware attack.
The Supreme Court had asked the RBI to update it about WhatsApp’s data localization compliance status, back in August.
Earlier, a think tank called the Centre for Accountability and Systemic Change (CASC) had filed a petition in the Supreme Court challenging WhatsApp’s compliance standards and absence of a local grievance officer in India and the RBI was made a party to it.
The latest development would hit WhatsApp’s plan to set up a digital payments service in India on the UPI network.