A parliamentary panel on Thursday questioned Paytm representatives about the quantum of Chinese investment in the company and told them that the servers on which customer data is stored should be in India.
Top officials of Paytm appeared before the Joint Committee of Parliament on the Personal Data Protection Bill, and submitted their suggestions on key aspects of the proposed legislation such as management and transfer abroad of sensitive personal data, sources said.
Members of the panel from different political parties asked Paytm why the server on which data of its customers is collected and stored is abroad when it claims to be an Indian firm, sources said.
The panel members told Paytm representatives that the server on which customer data is stored should be based in India, sources said, adding that they also wanted to know about the quantum of Chinese investments in the digital payment service and specifics about its "backend linkages".
Questions were also raised about the possible conflict of interest considering that Paytm also sells its own products on its e-commerce platform, they said. In its submission before the panel, Paytm said sensitive and personal data may be transferred outside India for the purpose of processing when explicit consent is given by the "data principal" for such transfer.
Facebook, Twitter and Amazon have deposed before the panel, while representatives of telecom operators Reliance Jio and Airtel and cab aggregators Ola and Uber have been asked to appear before it. The committee, chaired by BJP MP Meenakshi Lekhi, is examining the Personal Data Protection Bill, 2019.
The Personal Data Protection Bill was introduced in Lok Sabha by Minister of Electronics and Information Technology Ravi Shankar Prasad on December 11, 2019. The bill seeks to provide for protection of personal data of individuals and establishment of a data protection authority for the same.
The bill was later referred to a joint select committee of both Houses of Parliament. The proposed law seeks bar on storing and processing of personal data by entities without the explicit consent of an individual.