Get App
Last Updated : Apr 22, 2018 07:36 PM IST | Source:

Data generated in India should not leave the country: Paytm COO Kiran Vasireddy

The real issue being discussed is that people are not knowing what their data is being used for by those social media companies, feels Vasireddy.

Priyanka Sahay @priyankasahay

Facebook's instant messaging arm WhatsApp recently forayed into the payments space in India. However, it didn't go down very well with many including Paytm that cried foul by alleging that Facebook was flouting the rules of a level playing field.

Facebook is now embroiled in a data leak controversy that affected roughly 87 million users of the company. The whole issue has raised questions about the social networking firm's business model.

In a conversation with Moneycontrol, Kiran Vasireddy, COO of Paytm stresses upon the need for stringent user data protection laws hinting at the issues with Facebook's business model. Edited Excerpts:

What are your thoughts on the issue of data privacy?

As a nation, it is important that we come out with strict data privacy laws. Today, some of the social networking apps (won't name them) have access to data which is shared with third parties and that's their core business model. Some of them are also getting access to banking and financial services data which could be a lethal combination.

What needs to be taken care of is that data that gets generated here, stays here. It should not leave the boundaries of the country. The second thing is about the ownership of the data. We are very clear that as far as ownership is concerned, it is the people who should own their data, not the corporate or the government. At the end of the day, it is their data and they should own that data.

How can that be made possible?

It can be done by bringing the data privacy laws. The real problem is not about all these companies having access to the data but the intent and the use of data. Now, some of those companies have a business model of selling those data to third party companies. That is where it becomes tricky. As long as you have data privacy laws which would take care of how, where and when the data would be used, I am sure that a lot of things will fall into place.

The data which gets generated here should be regulated in some forms or the other. There can't be companies who do have access to financial services or banking data without getting regulated at all. These are some of the issues that need to be taken care of and we are quite hopeful that the government will come out with stringent data privacy laws.

Where should be the demarcation? A third party app like Uber is allowed to read my Paytm balance. So while Paytm is sharing users’ data with Uber many other apps are doing so with different third-party apps.

First of all, the demarcation comes about by people knowing that their data is being shared. The second aspect is about what data (is being shared). At the end of the day, it is not the whole data unlike what the social networking apps do.

That is their core business model, about collecting their data and then leveraging it, sharing with third parties for their own gain.

Hence, the demarcation comes in when people know when and what kind of data you want to share. You would know that your typical wallet balance is getting shared for a use case not anything beyond that.

The real issue being discussed is that people are not knowing what their data is being used for by those social media companies. They collect all your data and share it with any third party which you do not know who they are.

For how long should an app store the data of a customer, after he or she has deleted the app? In the case of Paytm, what is the norm?

The ethical obligation is to not have the data as long as there is a regulation which ensures that you have to have that data for a certain period of time. For companies like us or others, we all fall under some kind regulation.

Are there any guidelines around this for payment banks?

If you have a wallet and if you have some balance, even if you delete the app, the balance remains. We send daily reports to RBI of what the balance is for each and every individual in his account. So deleting the app doesn't mean that the balance is vanishing out. So as long as people fall under some form of regulation, things are taken care of.

Even though the RBI has made it clear that the minimum KYC can be done by using any official ID, many apps are trying to force customers to submit their Aadhaar to do the same. Would Paytm object to something like that happening?

We do not restrict our customers to share only Aadhaar for doing KYC. As per the regulation you have other forms of documents for doing your KYC and we allow each and everything that can be used to do KYC. We as Paytm accept every document.

Facebook is known to be sharing its data with third parties. In the case of Paytm to which all parties are how are you entitled to share your data? And how do you plan to or are already communicating that to your customers?

Firstly, I would like to confirm that we as Paytm don't share any data with any third party. We are not in the business model of selling our data. We are solving problems related to payments. We are solving things which can bring millions of people access to financial service.

How do you manage data storage abroad?  For every country that you will expand to, will there be a domestic data storage facility?

Yes, the data belongs to the people of that country. We have operations in Canada and so the Canada data will reside in Canada.

Is doing so a big financial liability?
Obviously, only serious players would like to do that.
First Published on Apr 17, 2018 02:24 pm
More From
Follow us on
Available On
PCI DSS Compliant