Oct 16, 2018
Members of Board of Payments & Settlements,
DGM Dept of Payments & Settlements,
Reserve Bank of India.
CEOs of PayTM, PayUMoney, GooglePay India, HDFC Bank, NPCI
Subject : Privacy Breach - Non-consensual retrieval of bill data by BBPSOUs, enabled by BBPSCU.
Dear Sir / Madam,
This is to bring to your attention the practices of PayTM, PayU, Google Pay, HDFC and possibly several other banks and fintech companies in automatic retrieval bill payments data without user consent. The users are receiving these alerts, even after uninstalling the said applications from mobile. It is widely acknowledged that companies are using utility bill payments data to build credit profile of individuals. As RBI governs all payment systems and regulates NPCI which is the only licensed operator (BBPSCU) to provide bill payment services Bharat Billpay (BBPS), please provide appropriate cease and desist instructions to entities and enablers of this act which grossly violates of the fundamental right to privacy. It is also requested RBI do data audits on these entities, design of these payment systems to take suitable action for breach of privacy and prevent the same in future. Thank you.