WhatsApp denies in SC allegations of data hacking by spyware Pegasus

WhatsApp on Monday denied in Supreme Court allegations that its data can be hacked by Israeli syre Pegasus, which h led to a controversy last year over breach of privacy following claims that Indian journalists and human rights activists were among those globally spied upon by unnamed entities.

issue cropped up before a bench heed by Chief Justice S A Bobde which was hearing a plea filed by Rajya Sabha MP Biy Viswam seeking direction to Reserve Bank of India (RBI) for framing regulation to ensure that data collected on UPI platforms is t exploited or used in any manner or than for processing payments.

An allegation is that WhatsApp data can be hacked by a software called Pegasus, bench, also comprising Justices A S Bopanna and V Ramasubramanian, told senior vocate Kapil Sibal, who was appearing for WhatsApp. Sibal said se are all allegations. ne of m are correct. 

RE | PIL To Control Population: Can't Coerce Family Planning, Centre Tells SC

WhatsApp h said last year that it was suing an Israeli surveillance firm that is reportedly behind techlogy that helped unnamed entities' spies to hack into phones of roughly 1,400 users. During hearing conducted through video-conferencing on Monday, senior vocate Krishnan Venugopal, appearing for Viswam, told bench that RBI has filed an affidavit in matter and National Payments Corporation of India (NPCI) should also make its stand clear in matter.

ditional safeguards should be re. WhatsApp's security is t up to mark and third point is of data localisation. Data is being shared by companies like Facebook, WhatsApp and Amazon. This is a breach of privacy. All data are being shared in violation of NPCI rms, Venugopal said. He referred to Pegasus controversy and said that WhatsApp's data can be hacked by spyware.

RE | SC Warns Of Contempt Action For n-compliance Of Order Regarding Re-grassing Of Mined Areas

counsel appearing for NPCI said that he would file an affidavit in matter. bench has posted matter for furr hearing in fourth week of January. On October 15, apex court h sought responses from Centre, RBI, NPCI and ors including Google Inc, Facebook Inc, WhatsApp and Amazon Inc on plea.

Viswam, Communist Party of India (CPI) leer, has sought a direction to RBI and NPCI to ensure that data collected on Unified Payments Interface (UPI) platforms is t shared with ir parent company or any or third party under any circumstances.

In India, UPI payments system is being regulated and supervised by Respondent . 1 (RBI) and Respondent . 2 (NPCI), however, RBI and NPCI inste of fulfilling ir statutory obligations and protecting and securing sensitive data of users are compromising interest of Indian users by allowing n-compliant foreign entities to operate its payment services in India, plea has alleged.

RE | SC To Hear In January Plea Of Kerala Journalists' Body Against Arrest Of Scribe On Way To Hathras

RBI and NPCI have permitted three members of Big Four Tech Giants' i.e. Amazon, Google and Facebook/WhatsApp (Beta phase) to participate in UPI ecosystem without much scrutiny and in spite of blatant violations of UPI guidelines and RBI regulations, it has claimed. plea has alleged that this conduct of RBI and NPCI put sensitive financial data of Indian users at huge risks, especially when se entities have been continuously accused of abusing dominance and compromising data, among or things.

It has furr sought a direction that RBI and NPCI should ensure that WhatsApp is t permitted to launch full scale operations of WhatsApp Pay' in India without fulfilling all legal compliances to satisfaction of court regarding requisite regulatory compliances. It said that in April 2018, RBI, with a view to secure data of Indian users, h issued a circular directing all system providers to ensure that entire data relating to payment systems operated by m are stored in systems only in India and y were asked to ensure compliance by October 15, 2018.

RE | SC To Hear On Dec 16 Plea Seeking Removal Of Farmers Protesting At Delhi Borders

plea claimed that later, RBI toned down April 2018 circular by issuing Frequently Asked Questions (FAQs) and permitted processing of all payment transaction abro, including domestic transactions. In said FAQ it was clarified that in cases of data processing done abro, data should be deleted from systems abro and brought back to India within 24 hours, plea said. It has sought apex court's direction to declare FAQ dated June 26, 2019 issued by RBI as ultra vires to circular dated April 6, 2018.

It alleged that Google and Facebook alrey have access to immense personal data of millions of Indian users and if y are permitted to collect unrestricted financial data of Indian users while operating at UPI platform, same would give m draconian control over sensitive Indian data.