Devise norms for payment apps, RBI told

MeitY concerned about data security

Published - December 05, 2018 12:00 am IST - NEW DELHI

The Reserve Bank of India (RBI) seal is pictured on a gate outside the RBI headquarters in Mumbai, India, in this February 2, 2016 file photo. India is preparing to pump in a higher-than-anticipated capital sum into poorly performing state banks, government sources said, a move that could see New Delhi infuse as much as $34 billion additionally and make it harder to hit planned deficit targets.  REUTERS/Danish Siddiqui/Files

The Reserve Bank of India (RBI) seal is pictured on a gate outside the RBI headquarters in Mumbai, India, in this February 2, 2016 file photo. India is preparing to pump in a higher-than-anticipated capital sum into poorly performing state banks, government sources said, a move that could see New Delhi infuse as much as $34 billion additionally and make it harder to hit planned deficit targets. REUTERS/Danish Siddiqui/Files

The Ministry of Electronics and Information Technology (MeitY) has proposed that the Reserve Bank of India (RBI) come up with regulations to oversee collection, usage and sharing of data by payment service providers, even as the government is expediting discussions on the draft Personal Data Protection Bill.

‘Sensitive data’

This follows concerns raised by the National Cyber Security Coordinator (NCSC) over collection and storage of “sensitive personal data” by payment service providers via applications such as Google Tez, WhatsApp and Paytm, a senior official of the ministry told The Hindu .

During a review meeting on digital payments in October, the NCSC pointed out that there was no agreement between the National Payments Corporation of India (NPCI), the banks and the applications that provided payment services. Additionally, there is no liability of NPCI and the payment service providers, the NCSC said. “Noting that there is a need for regulation on data flow of financial transaction, they also pointed out that there is no provision to protect the interest of the consumer against the pilferage, leakage and sharing of data, which is of sensitive nature,” the official said.

All aspects

The NCSC recommended that there was a need to scrutinise all aspects of a relation – legal, technical and financial, between all the stakeholders in the payments ecosystem. “Payments service providers must comply with legal framework as well as regulations prescribed by the regulator,” the NCSC recommended.

“The Ministry of Electronics and IT (MeitY) supports NCSC’s recommendation and has suggested that RBI should lay down regulations, that would bind the collection, usage and sharing of data, by participants in the payments arena,” the official said.

In April, this year, the RBI directed all payments service providers to ensure that the data relating to payment systems operated by them were stored only in India. This came into effect in October 2018.

In July this year, a panel headed by Justice B.N. Srikrishna submitted the draft personal data protection bill 2018. The draft bill proposed that critical personal data of Indian citizens be processed in a data centre located within the country. Additionally, it also recommended penalties on the data processor for any violation of the data protection law, besides talking about “explicit consent” and individual rights such as right to be forgotten, right of correction, updation, and data portability.

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.