Delhi HC asks RBI, UIDAI, & Google to respond over illegally storing Aadhaar Data
The Delhi High Court (HC) has sought responses from UIDAI, RBI, and Google in a petition alleging that Google Pay is illegally collecting and storing Aadhaar and Bank details. Chief Justice DN Patel and Justice Jyoti are hearing the petition, LiveLaw reported.
Petitioner’s claims
The petitioner, Abhijit Mishra, argued that Google Pay is neither registered nor licensed to operate payment and transaction activity under the Payments and Settlement Systems Act 2007. Further, according to RBI, Google Pay is not licensed to conduct payment operations as a bank, or NBFC under the Banking Regulations Act 1949.
Further, the petitioner drew the Court’s attention to the 2019 Terms and Conditions of Google Pay that expressly declare that the company would be maintaining the parties’ payment instruction details, including bank accounts and Aadhar numbers.
To support his claim, the petitioner included RTIs filed with the UIDAI and the RBI. The RTIs revealed that Google was denied access to Aadhaar data to process payments using the BHIM AADHAAR platform. Google’s access to Aadhaar data is illegal and unconstitutional because of the lack of such authorization.
What information does Google Pay collect in its updated policy?
Aadhaar data is not mentioned in the current version of Google Pay’s terms of service for India, MediaNama reported. However, there are other privacy-related clauses in the app. Merchants, banks, third-party providers, and service providers may be given access to UPI Transaction Data by Google. Other than Google, no one else will be able to profit from this information.
Users must consent to Google storing their bank account number to receive payments with Google Pay. Google will collect data on Google Pay transactions to improve their services and provide better suggestions to consumers. Google can employ automated techniques to access messages on a user’s device to provide enhanced Google services, such as submitting OTPs. And lastly, Google may retain data that the user has deleted from the Google Pay app for legal reasons.
Google’s response
A Google spokesperson said, “The PIL alludes to a feature that was announced under the UPI Guidelines, called ‘Pay to Aadhar’ in 2017. However, the feature never went live on Google Pay. The application’s terms of service were accordingly amended to reflect that no Aadhar data of users is collected by the app.
Google in August 2020 had filed an affidavit similar to this matter. The company clarified, “Google Pay does not require or have access to a user’s Aadhaar details in any way. As a result, it does not require or have access to the Aadhaar database” ET Reported.
The matter is now listed for further hearing on 8th November 2021.
Do subscribe to our Telegram channel for more resources and discussions on tech-law. To receive weekly updates, don’t forget to subscribe to our Newsletter.
