Google Pay has been accused by Paytm of sharing consumer data with third-party tech companies for monetary gains in the form of advertisements. Although Google has denied this allegation, it does raise significant questions about the safety of our personal data

“Google Pay, which is an unregulated platform, has the scope of using their customers’ data for monetary gains with complete disregard for the users’ need for privacy,” wrote Paytm, India’s most popular digital payment platform, in a letter to the NCPI (National Payments Corporation of India) Chief Executive Dilip Asbe.

There have been whispers over concerns for the security of personal data ever since Google introduced the accounts syncing feature, where multiple websites and online portals can be logged on to with only one Google ID. This means that Google can access the data exchanged in any online interaction done via the Google account.

Google’s privacy policy states that the company may share payment data of customers with third party service providers. “You hereby expressly consent to and permit Google, group companies and the payment participants to collect, store, disclose and share your information with each other or other third party service providers for the purpose of providing Google Pay Services either through the Google Pay App or any other platform. Such information may include but will not be limited to your personal information such as your name, address, Google account or payment instruction details, all transaction details, any communication made through Google Pay or message that you send with the transaction or information with respect to third parties and the recipients,” states the privacy policy. That checkpoint asking if users agree to the terms and conditions of a website, is in fact important, and demands more than just two seconds of our time.

Google was however quick to backtrack with regard to this clause, saying that it has not shared any user’s data for monetisation purposes and has updated its privacy policy. The specifics of said updates are still unknown. It claims that a common thread of consumer data is maintained through the Google Account in order to facilitate quick and smooth management of online risks across platforms — in which case sharing of individual UPI (Unified Payments Interface) data would be out of the question.

If Google shares or our payment data, it could be the first step to a massive data breach of unprecedented proportions. The competitive nature of the businesses prompts them to crave as much data about their potential demand group as possible, and this information poses itself as a resource. In sharing user data with third parties like, the data is anonymised by Google. Given that, despite the gigantic reach that Google has over almost all of our online interactions, this anonymous data can be decrypted to partially or fully reveal the users through statistical analysis techniques. And as for the figurative data warehouse — that is, the entire collective of data amassed by Google — is primarily stored in raw form, with fully identified payment details of users. This makes it an extremely attractive target for hackers.

Any online database is just as vulnerable as the next. Take the Equifax data breach of 2017. One of the largest consumer credit reporting agencies worldwide, Equifax saw a breach of gargantuan proportions, exposing data of over 146 million users in the US, UK and Canada. Social security numbers were also hacked. Google is as likely a target as any.

Rakshit Tandon, one of India’s leading cybersecurity experts, says consumers have to take personal responsibility to protect personal information. The all-encompassing problem related to personal information is bank details. The chain of events begins “when the weakest link is the user,” he says. “The user compromises his personal data and biometrics to the wrong person.” Tandon goes on to say that payment details as a problem is always a dubious subject, but yes, the rates of financial crime in cyberspace have increased in the recent past, as reported by various cyber cells.

“Cybercrime has always been on the rise, and it stands to reason that as the number of internet users increases, the surface area for these crimes to be committed will also increase,” opines Tandon. According to him, as internet penetration becomes more and more widespread, along with the advantages it brings, it will also make people more vulnerable to cybercrime, and quite possibly generate more perpetrators as well. He admits that with the trend of syncing all online accounts and activities, the rates of financial frauds and the vulnerability of people to the same have gone up. “As a people, we are reactive, not proactive,” he explains.

UIDAI had been attempting something similar to a common Google Account with the order to link Aadhar numbers with phone and bank accounts. This order was very recently revoked, and it has been declared that linking of phone numbers with Aadhar will not in fact be made compulsory.

“Aadhar is equivalent to a Social Security number, and in my experience in the US, that privilege did make things easier for me,” says Tandon.

According to him, although issues of financial frauds and identity thefts cannot be denied, the steps taken to rectify these loopholes are steps in the right direction. Paytm also alleges that while India is still feeling her way around framing data protection laws, Google is being “allowed to share” the data with parties abroad, which is especially unfair since WhatsApp was directed to stop sharing data with Facebook.

With Google Pay, the fact remains that to make online transactions easier, facing the possible threat of hacks is a necessary evil. Thanks to the stellar reputation Google maintains, nearly all users are guilty of casually skipping over the Terms and Conditions disclaimers when signing in to new websites via Google Accounts.

Knowing one’s way around the cyberspace is a privilege and an exposure to danger, with examples of the ramifications being seen every day. Clearly, engaging in cyberspace makes us vulnerable to a number of different threats —Google Pay sharing our data being one of them. While our individual UPI data is seemingly safe in Google’s hands, it does throw a shadow of doubt on how fragile and subject to threat is our personal data.

+ posts