Following the Israeli spyware Pegasus hacking incident, the Reserve Bank of India (RBI) has told the Supreme Court that the messaging platform WhatsApp is non-compliant with data localisation norms.
The apex bank has directed the National Payments Corporation of India (NPCI) to not allow a full-scale launch of the payments service in India by the Facebook-owned company.
NPCI manages Unified Payments Interface (UPI), which clocked over a billion transactions last month. PhonePe and Google Pay are said to be the leading players in UPI followed by Paytm and Amazon Pay.
WhatsApp Payments, which is based on UPI, has been in a beta stage for about a year. In 2017, the company started testing the payments service in India through an invite-only model.
Since then, without the approval from the government, WhatsApp Pay is limited to around one million users. However, it is yet to officially launch the payments service in India.
The development comes as the Supreme Court had recently asked RBI to update it on WhatsApp’s data localisation status in August.
“The RBI has examined the said reports (by NPCI) and the responses of NPCI and is of the considered view that WhatsApp is storing the following payment data elements outside India beyond the permitted timelines indicated in the circular and frequently asked questions (FAQs) on storage of payments system data issued by RBI on June 26, 2019,” said RBI, as quoted by Times of India.
Further, NPCI has been advised by RBI not to permit WhatsApp to go live for full-scale operations on UPI payments system until the time it are fully compliant, it added.
According to RBI, WhatsApp payments service is storing various payment data outside India, including transaction ID, expiry of collect request, and retrieval reference numbers, among other data elements.
WhatsApp has over 1.5 billion users globally, of which India accounts for about 400 million users alone.
(Edited by Saheli Sen Gupta)