Paytm approaches NPCI with concerns on Google Pay’s privacy policy

Indian payments major Paytm on Thursday filed a notice to the Indian retail payments organisation National Payments Corporation of India (NPCI) regarding Google Pay’s privacy policy. It highlighted the clauses in the policy that stated that the internet conglomerate "collects, stores, uses and discloses Indian user’s personal data for advertising and promotional purposes" with not just its "group of companies" but also with unnamed "third parties".

This can include a customer’s name and image in Google’s promotional material with no additional consent from the user.

YourStory reviewed the notice and Google’s privacy policy.

Speaking against the clause mentioned earlier, from Google's privacy policy, Paytm said in the notice,

“We would like to highlight a very important fact that Google Pay, which is unregulated payments platform, has the scope of using their customer’s data for their monetary gains with complete disregard of the user’s need for privacy. The critical payments data collected by them is being processed and stored outside of India which can have severe security implications in case of a data breach as their policy states that this data is also being disclosed with advertisers and third parties.”

Paytm also stated that against the backdrop of India drafting its personal data protection bill, it is an utmost concern that global companies are sharing Indian users' personal data with third-party players inside and outside the country.

In the notice addressed to Dilip Asbe, Managing Director and CEO of NPCI, Dilip Asbe, Paytm said,

“Recently, WhatsApp was directed to stop sharing user’s data with its parent company, Facebook. In the light of this, it is disconcerting that Google Pay is sharing user’s critical personal data with Google, group companies, payment participants and unnamed third parties as their policy clearly states. We believe that Google, who already has our social data, has now gained an access to the payments data, which has a scope of being used/disclosed for monetary gains, affecting the privacy of Indian users and security of the country.”

Other clauses that Paytm has taken issue with in Google Pay’s privacy policy are ‘Communication Services’ and ‘Privacy and Communication’, where that the payments app says it accesses the user’s navigation, logs and correspondence data. Google Pay further states that it reserves the right to collect, store, use and read its users' communication. In its complaint, Paytm questions Google’s need to access such private information and has raised concern over Google Pay's intent while sharing this data with its group of companies as well as third parties. The news comes on the heels of Moneycontrol reporting earlier this week that the Reserve Bank of India (RBI) may have approached the Ministry of Electronics and Information Technology with respect to its directive about payments firms storing data on local servers.

In the first week of April, the central bank, in its bi-monthly Monetary Policy Statement, made it clear that all payments system operators working in India have to ensure that data related to payments systems (operated by them) is stored in the country.

The Moneycontrol report also stated that a letter written by Google chief Sundar Pichai to Union Minister for Information Technology Ravi Shankar Prasad had recently surfaced, where he called for “free flow of data across borders”.

With October 15, RBI’s deadline for transferring data to local servers, approaching, Google has sought for extension till December to comply with the directive.