Google has responded to the concerns saying,
"Google Pay users have a direct relationship with Google - as per Google Pay terms of service a Google Account is opened with Google LLC. A common Google Account allows for checks and controls required for managing risk, fraud, spam, and for enhancing security measures, that are applied across Google products. It runs as a common thread across Google products allowing for seamlessness of service that a user can avail of and benefit from. Google does not use any individual UPI transactions data for any monetisation purpose e.g. for advertisements."
It further added,
"Google Pay shares user data as may be required for the purpose of processing transactions or providing Google Pay Services with our authorised partners. These include participating banks, banks on UPI infrastructure, bill aggregators, merchants on the Google Pay for Business program and with whom the users are transacting and billers such as utility services etc. Sharing of this information is in accordance with the applicable laws and requisite consent obtained from the user and in conformity with standard industry practice."
‘… Your (Consumer’s) UPI Transaction Data will not be used for any monetisation purpose (eg. for advertisements) by any entity other than Google.’
Google Pay also made some additional changes to the langauge of its policy after yesterday's notice.
The news comes on the heels of Moneycontrol reporting earlier this week that the Reserve Bank of India (RBI) may have approached the Ministry of Electronics and Information Technology with respect to its directive about payments firms storing data on local servers.
In the first week of April, the central bank, in its bi-monthly Monetary Policy Statement, made it clear that all payments system operators working in India have to ensure that data related to payments systems (operated by them) is stored in the country.