Aadhaar number, the insistence of it by government and private entities and potential threat of data theft continues to be a hotly debated topic in legal, government and social circles. At this juncture, customers of digital payments app Paytm have alleged that the firm is forcing them to share their 12-digit unique ID. But what heightens concerns is a clause in the mobile app’s terms and conditions.

Users of the app have to consent to their information being shared by One97 — the parent company of Paytm — with its affiliates and service providers. It also takes permission for such information to be ‘processed and stored’ in servers ‘inside or outside India’. So, who are these affiliates? The company’s official spokesperson refused to divulge the details. Interestingly, Chinese conglomerate Alibaba Group’s affiliate Ant Financial owns a massive 40 per cent share in Paytm.

Does that make the Chinese company an affiliate? Does that mean data of Indian customers are shared with a Chinese behemoth? The spokesperson refused to answer these questions too. “Legally, there exist no provisions that stops Paytm from storing data outside India, but they are still in violation of the IT Rules, 2011,” explains Neeraj Arora, a cyber law and security expert practising in the Supreme Court.

ALSO READ:  ‍‍What Is The 'Modus Operandi' Of Cryptocurrencies?

“We do not have a law which requires data localisation, but the RBI has mandated that commercial banks should maintain data in India. It’s not sure if it applies to Payments Banks at the moment, but ideally it should,” he added.

Making matters curious is not just the alleged insistence on Aadhaar data by the company. Paytm also provides a ‘cash back’ of `200 only for those providing their Aadhaar number during KYC authentication. This is not available if you do your authentication using other valid ID proofs. Similar cash back offers were being offered by other Pre-paid Instruments (PPIs) but not in exchange for Aadhaar number. Recently, Infosys co-founder Nandan Nilekani quoted controversy after he said, “Poor Indians can sell their data to access better health care and cheaper loans. Activists allege that Paytm is already putting to practice the theory floated by Nilekani.

ALSO READ:  Naidu's 'Broken Promises' To 'Rayalseema' And 'Uttara Andhra' Regions In AP

A quick look at the T&C of the Paytm payments bank website shows that the app collects “name, address, mailing address, telephone number, email ID and any details that may have been voluntarily provided by you in connection with availing any of the services provided by the Bank”. Also, Paytm takes information pertaining to device, operating system, mobile network to optimise their advertising, this apart from installing cookies into customer web browser. Paytm privacy policy says “the aggregate cookie and tracking information may be shared with third parties”.

“Paytm has been granted bank status under the payments and settlements act. What data they are collecting is illegal as per purpose limitation principle is part of the privacy policy. The violations are done by Facebook and Paytm are the same, both are collecting more data than required, it’s illegal and they can’t share it with their affiliates. We need to put a limit on the collection of data,” cyber law expert Neeraj Arora added.

ALSO READ:  'Swine Flu' At Its Peak In Telangana As Over 300 H1N1 Positive Cases Registered

What is KYC?
Know Your Customer (KYC) is mandatory process followed by financial institutions where they obtain the identity and address of the customers. The purpose is to prevent money laundering and terrorist financing

What are payments banks?
Payments banks is a new model of banks conceptualised by the Reserve Bank of India. These banks can have a limit of Rs 1 lakh per customer. These banks cannot issue loans and credit cards. However, both current account and savings accounts can be operated by such banks. Payments banks can issue services like ATM and debit cards, mobile and net banking. #KhabarLive