HYDERABAD: Digital payments major Paytm on Thursday took down its Rs 200 cash back offer for customers providing their Aadhaar number for KYC authentication. The move came after Express reported on Wednesday that the offer was available only to customers opting to give their 12-digit unique ID.
However, responding to the report that also mentioned a set of terms & conditions published by the app seeking consent of users to share their information with ‘affiliates’ and store the same in servers ‘inside or outside India’, Paytm claimed that the T&C cited by Express were “defunct and non-relevant.”
The company also assured its consumers that “all user information was securely encrypted on Indian servers as per applicable guidelines.” However, the terms & conditions the company claimed to be “defunct” was available on the app at least till Wednesday night. Further, an official spokesperson of the company who was contacted by Express on Wednesday, before the report was published, did not deny the T&C but refused to comment on the same. On Thursday, the app also removed its offer proving cash incentive for consumers sharing their Aadhaar number.
Supreme Court Lawyer and an expert on cybersecurity laws, Neeraj Arora, had this to say, “When you are giving T&C, you have to abide by the security practices. There should be a limit on data collection. At present, they are in violation of Indian laws, especially the Information Technology (Reasonable Security practices and procedures and sensitive personal data or information) Rules, 2011.”
“When you are collecting personal data -- and information contained in Aadhaar is personal information -- then there is a legal obligation. They cannot put T&C by their choice because the law puts a clear limit on what information can and cannot be collected,” said Arora. The collection of Aadhaar number by Paytm is only for authenticating KYC and not with any delivery of public service. A consumer has right to make a complaint and claim damages if the data has been misused under Section 43 of the IT Act,” he added.