Delhi HC seeks Centre, RBI reply on plea for alleged violation of guidelines by Google Pay

New Delhi, August 24: The Delhi High Court Monday sought response of the Centre and the Reserve Bank of India (RBI) on a plea seeking action against Google Pay for allegedly violating the central bank’s guidelines related to data localisation, storage and sharing norms.

A bench of Chief Justice D N Patel and Justice Prateek Jalan issued notices to the authorities and also Google India Digital Service Pvt Ltd on the petition and listed the matter for further hearing on September 24, news agency PTI reported.

The petition sought direction to Google India Digital Service to give an undertaking to not store data on its app under UPI ecosystem and further not to share it with any third party, including its holding or parent company.

Petitioner and advocate Abhishek Sharma sought direction to the company not to share any data from UPI switch with any other party. The plea further sought to direct the RBI to take action and impose penalty on the company for its alleged serious violations of applicable laws.

“Respondent number 3 (Google India) launched, Tez’, a mobile payments service targeted at users in India which later folded into the new Google Pay’ app . Google pay’ is a third party app which facilitates payment in the UPI ecosystem and is able to do the same by partnering with various PSP/acquirer banks,” the plea said.

“Further, Google Pay’ is regulated by respondent number 2 (National Payment Corporation of India) which is responsible for granting permission to Payment Service Provider (PSP) as Banks and to Third Party Apps (TPAs) to operate under the UPI network,” it said.

The plea claimed that the company was storing personal sensitive data in contravention of UPI procedural guidelines of October 2019, which allows such data to be stored only by PSP bank systems and not by any third party application.

However, Google Pay’ being a third party application, despite strong mandate against storing personal sensitive data, is storing the same in utter disregard to the binding UPI procedural guidelines.

The plea sought direction to the RBI to take appropriate punitive action against the NPCI and revoke its authorisation to operate and regulate the UPI payment system, on account of risking customer payments data, its failure to audit Google India Digital Service Pvt Ltd and take any steps against it despite its acts of flagrant and serious non-compliance of applicable laws.

It said Google pay by way of “Combined Google Pay Terms” is openly sharing it with its own group companies as well third parties and is also monetising the same.

The plea also claimed that Google India Digital Service pvt Ltd, vide its product Google Pay’, seeks to access the location of the users in the name of security and uses the same to gain revenue from offering highly targeted or personalised advertising opportunities to advertisers.