Google India digital services, which operates the google pay app, has told the Delhi high court that it is allowed to share customers transaction data with third parties with the prior permission of NPCI and payment service providing (PSP) banks.
The submission has been made by google in its affidavit filed before a bench of chief justice DN Patel and justice Prateek Jalan in response to a PIL seeking action against google pay for allegedly violating the RBI’s guidelines related to data localization, storage and sharing.
Google in its affidavit, has contended that under the UPI procedural guidelines, issued by the NPCI, apps like google pay are permitted to share customers transaction data with third parties and group companies with prior permission of NPCI and PSP banks.
It has also said that google pay only stores ordinary customer data like name, address, email ID and transaction related details in accordance with the NPCI guidelines and not payment sensitive data like debit card number or UPI PIN.
The customers payment sensitive data is stored only on the servers of the PSP bank as claimed. The affidavit was filed in response to the petition by advocate Abhishek Sharma who has sought a direction to google not to share any data from UPI switch with any other party.
The plea has claimed that the company was storing personal sensitive data in contravention of UPI procedural guidelines of October 2019, which allows such data to be stored only by PSP bank systems and not by any third party application.
Google has denied the claim, saying customers payment sensitive data is stored with the PSP banks and google pay only accesses it in accordance with the guidelines. It also denied the allegation that it accesses customers location to gain revenue from offering highly targeted or personalized advertising opportunities to advertisers.