The news comes amidst the clamour in the Indian startup ecosystem supporting the government’s data localisation policy.
“Google Pay, which is an unregulated platform, has the scope of using their customers’ data for their monetary gains with complete disregard for the users’ need for privacy,” Paytm wrote in a letter addressed to NPCI chief executive Dilip Asbe.
Paytm also brought in focus Google‘s sharing and storing of data outside India, presenting severe security implications in case of a data breach. While India focuses on data protection laws, Google is being allowed to share data with group companies and other third-party entities outside India.
“Recently, WhatsApp was directed to stop sharing users’ data with its parent company, Facebook. In light of this, it is disconcerting that Google Pay is sharing its users’ critical personal data with Google, group companies, payment participants,” the letter further added.
Explaining its stance in reply to Paytm’s letter, Google Spokesperson said, “Google Pay users have a direct relationship with Google — as per Google Pay terms of service a Google Account is opened with Google LLC. A common Google Account allows for checks and controls required for managing risk, fraud, spam and for enhancing security measures, that are applied across Google products. It runs as a common thread across Google products allowing for seamlessness of service that a user can avail of and benefit from. Google does not use any individual UPI transactions data for any monetisation purpose e.g. for advertisements.”
Paytm also batted for the need of a strong consumer data protection framework that addresses the privacy concerns of the Indian citizens and accords level playing field for all the involved players in the segment.
Alibaba has come in support of Paytm, in regards to the data localisation, and is keen on data localisation in every country, in order to foster data security.
It is to be noted that the letter comes after Justice BN Srikrishna panel has submitted its recommendations and the draft data protection bill, focusing on data localisation.
The draft bill seeks to ask multinational companies operating in India to store the data regarding Indian users to be stored in data servers located in India. This move seeks to protect sensitive and private data of the Indian citizens.
This is expected to affect the future plans of these companies they now have to factor in the additional costs of setting up data centres in India, in order to carry on their business.
Apart from this, RBI has further added to these companies woes by giving them a six-month deadline, that expires on October 15, to ensure that all payment system providers store data related to India users on servers inside the country.
It is to be seen how the data localisation initiative of the Indian government affects the Indian startups ecosystem and helps with the privacy issue in the country.