Facebook-owned messaging platform WhatsApp Inc on Friday told the Supreme Court that it was in the process of completing compliance with Reserve Bank of India’s (RBI) data localisation norms. The issue of appointing a compliance officer for India has already been settled by the messaging platform, the company said in its submissions before the top court. A two-judge bench led by Justice Rohinton Nariman on Friday adjourned the matter for six weeks to give time to WhatsApp and RBI to file compliance reports on the same.
Hearing a plea moved by the Centre for Accountability and Systemic Change (CASC), a Non-Government Organisation (NGO) which had alleged that WhatsApp had launched its payment services without having fully complied with RBI’s directives on data localisation norms, the two-judge bench said that the petitioner would be at liberty to amend the application in case it was not satisfied with the action taken by WhatsApp with respect to storing data in India and appointing a compliance officer for India.
Earlier in May, WhatsApp had told the apex court that it would not start its payment services in India until it full complied with the domestic data storage norms issued by RBI. In an affidavit filed with the SC in January, the messaging platform had said that it was "currently in the beta-testing stage of a planned service that allows all Indian users to send and receive payments through designated payment service providers".
"WhatsApp is currently beta-testing the Payments Service in India with a small percentage of Indian users and has not yet launched the Payments Service to all Indian users," the company had then said in its affidavit.
RBI had on April 6, 2018, issued norms for storage of data of payment systems, in which it had said that all system providers must ensure that all the data related to payment systems must be stored in a system only in India.
“This data should include the full end-to-end transaction details or information collected and carried or processed as part of the message or payment instruction. For the foreign leg of the transaction, if any, the data can also be stored in the foreign country, if required,” RBI had said at the time.
In its affidavit filed with the SC, the banking regulator had on March 27 said as it does not give any approval to entities like WhatsApp to act as authorised payment system operator, it had been following up with National Payments Council of India (NPCI), the service provider, with respect to the status of compliance by WhatsApp.
The NPCI, which is the system provider of Unified Payment Interface (UPI), has allowed such entities to operate under the multi-bank model of the UPI and thus the responsibility for any commissions I omissions of such entities lay with NPCI, RBI had said in its affidavit.
The NPCI had, through a letter dated November 16, 2018, and via an email on February 5, 2019, informed the RBI that WhatsApp had not yet complied with the banking regulators’ data localisation norms.
On August 27 last year, the top court had agreed to examine CASC’s plea which had alleged that WhatsApp was not complying with Indian laws, including the provision for appointing a grievance officer. The messaging platform has over 200 million users in India which is one of the largest bases for it. The company has over 1.5 billion users globally.