Oct 16, 2018

To

Members of Board of Payments & Settlements,

DGM Dept of Payments & Settlements,

Reserve Bank of India.

Copy To

CEOs of PayTM, PayUMoney, GooglePay India, HDFC Bank, NPCI

Subject : Privacy Breach -  Non-consensual retrieval of bill data by BBPSOUs, enabled by BBPSCU.

Dear Sir / Madam,

This is to bring to your attention the practices of PayTM, PayU, Google Pay, HDFC and possibly several other banks and fintech companies in automatic retrieval bill payments data without user consent. The users are receiving these alerts, even after uninstalling the said applications from mobile. It is widely acknowledged that companies are using utility bill payments data to build credit profile of individuals. As RBI governs all payment systems and regulates NPCI which is the only licensed operator (BBPSCU) to provide bill payment services Bharat Billpay (BBPS), please provide appropriate cease and desist instructions to entities and enablers of this act which grossly violates of the fundamental right to privacy. It is also requested RBI do data audits on these entities, design of these payment systems to take suitable action for breach of privacy and prevent the same in future. Thank you.

References:

PayTM : https://twitter.com/digitaldutta/status/1044065960682958849

PayU : https://twitter.com/aldebaran14/status/1044148981578838016

Google Pay : https://twitter.com/hemanth_v1/status/1044178312023740416

HDFC : https://twitter.com/RachelChitraTOI/status/1050726435827146753

Regards,

Srikanth L

Cashless Consumer

https://www.cashlessconsumer.in