Google India Digital Services Limited on Thursday told the Delhi High Court that its GPay App, being a TPAPs (Third Party Application Providers), is allowed under the law to share customer’s UPI (Unified Payments Interface) transaction data with third parties and group companies.
In an affidavit, Google India said the National Payments Corporation of India’s (NPCI) ‘procedural guidelines’ do not impose an absolute prohibition or restriction on a TPAP’s ability to share data or information, if it was done with prior permission of the NPCI and the bank concerned.
It said the NPCI’s procedural guidelines make a clear distinction between ‘Customer Data’ (name, mobile number, gender, address, email ID, location etc.) and ‘Customer Payment Sensitive Data’ (account number, expiry date of debit card, last six digits of debit card, UPI PIN etc.).