|WhatsApp has been, since long, facing a battle of Israeli spyware (Pegasus) controversy over granting access to a few select individuals phone through malware which enters a users phone through video calls.|
Meanwhile Reserve bank of India too had a sour news for WhatsApp saying that WhatsApp cannot start payment business. Reserve bank of India has told Supreme Court that the messaging platform is not compliant with data localization norms and National Payments Corporation of India(NPCI) has been directed to not allow a full scale launch of payment business by WhatsApp through UPI(United Payments Interface).
NPCI is a umbrella organisation for operating retail payments and settlements systems in India. UPI transactions are also managed by NPCI.
Supreme Court had actually asked Reserve Bank of India to update to WhatsApp data localization status. Reserve Bank of India has responded to Supreme Court as well as NPCI Managing Director and CEO asking them to not allow WhatsApp payments system launch in India.
Meanwhile, CASC (Centre for Accountability and Systematic Change), a think tank focused to transform governance in India has also filed a petition with Supreme Court challenging WhatsApp`s compliance standards and absence of local grievance officer in India. The rejection by RBI puts an end to WhatsApp plan of launching payments systems through UPI.
Earlier this year, WhatsApp’s global head Will Cathcart responded saying that the company has its business centered around India, its largest market with 400 million monthly active users. He also said that the company is fully complaint to the local laws and standards.
As per the reports of NPCI on WhatsApp, it is being viewed that WhatsApp is storing payment related information outside India beyond the permitted timelines as mentioned in the FAQ document on storage of payment systems data issued by Reserve Bank of India on June 26 2019. The data includes transaction ID, expiry of collect request, retrieval reference number etc. According to RBI, when a customer raises a dispute, WhatsApp application layer stores the query description, screenshots uploaded by customer and the email which is then shared with the support team based out of Hyderabad and USA. This data is then store for 90 days. It is being argued that the screen shots shared by customer might contain payment related data.
WhatsApp has already sued Israeli’s NSO in a US district court over matter related to putting spyware on some users phones. However this does not stop the questions which are being raised over the platforms data security.