Source: TNN | By Digbijay Mishra
Incidentally, sources in the regulatory body National Payments Corporation of India (NPCI) said WhatsApp, which has over 200 million active users in the country, is yet to commit to an official timeline to be fully compliant.
WhatsApp has identified a third-party company to audit its payments system for data-localisation compliance here, the popular messaging platform has told the Supreme Court in response to Reserve Bank of India’s (RBI’s) affidavit last month. In its response to the apex court on Tuesday, reviewed by TOI, WhatsApp said it has also submitted a ‘confidential revised data-localisation plan’ to all stakeholders. WhatsApp did not name the auditor it has chosen for compliance check.
Incidentally, sources in the regulatory body National Payments Corporation of India (NPCI) said WhatsApp, which has over 200 million active users in the country, is yet to commit to an official timeline to be fully compliant with RBI’s data-localisation norms here. While WhatsApp will need NPCI’s nod to roll out full-scale payments to its over 200 million monthly active users in India, MeitY (ministry of IT and Technology) — which has been involved in the matter — would also need to be convinced of WhatsApp’s complete compliance with Indian rules. The original deadline to comply with RBI’s diktat was October 15 last year.
“There is no specific timeline that has come from WhatsApp on compliance. After RBI’s response in an affidavit became public, they have said they are aiming for compliance, much like their earlier communication,” a person aware of the matter said, adding that compliance needs to be in place before an audit. “WhatsApp will launch the full-release version of its payments service only after it has stored the requisite payments data in compliance with the RBI circular and after the appropriate approval is obtained,” the Menlo Park-based company’s response to the SC said.
This stand comes in the wake of Facebook founder Mark Zuckerberg’s recent opinion piece in Washington Post, where he takes a stand against data localisation, saying it (local storage of data) would make it more vulnerable to unwarranted access. Facebook acquired WhatsApp in 2014 in a $19-billion deal.
Interestingly, WhatsApp’s communication to the SC stressed on how the company places importance on local laws, data security and privacy. However, not everyone is convinced. The view among some in the payments industry is that WhatsApp getting access to about 1 million users in beta stage gives it an undue advantage. Paytm founder Vijay Shekhar Sharma had kicked up a storm on this issue when WhatsApp started payments services in India in February 2018.
An email sent to a WhatsApp India spokesperson did not elicit a response till the time of going to press. So far, the banking regulator has not imposed any penalties on companies for non-compliance but it said it was exploring regulatory action. As reported earlier, in October 2018, WhatsApp said it built a system that stores payments-related data locally in India. NPCI, however, thought it was not enough since WhatsApp was merely mirroring or copying the payments data in India, while keeping the same in its overseas servers as well.
The RBI has maintained that payments service providers and third-party payments apps should follow its April 6, 2018 circular on data localisation, which mandates storage of key payments data only in India. Payments players lobbied hard with the regulator to let them store a copy of their data overseas. The RBI has stuck to its original stand on this issue.