India takes baby steps towards tech regulation5 min read . Updated: 06 Oct 2019, 11:50 PM IST
- From a UPI payments market share cap to data protection, India is working to protect users without killing innovation
- Calls to regulate tech to prevent monopoly and protect consumers grow more strident, but the ways to do it are unclear
The National Payments Corporation of India (NPCI) is reported to be considering a 33% market share cap on payment apps that use the Unified Payments Interface (UPI). The move comes in the wake of the looming dominance of Google Pay.
Google Pay and Walmart’s PhonePe were the most downloaded fintech apps worldwide last year, according to mobile app tracker Sensor Tower. Industry reports indicate they account for over two-thirds of UPI transactions. Alibaba-backed Paytm is a distant third, after being the leader until late last year. The plethora of other UPI-based payment apps, including NPCI’s BHIM, are seeing their share dwindle.
NPCI is an umbrella organization that was created by the Reserve Bank of India (RBI) to enable seamless mobile payments between multiple banks via UPI. Seeing the tepid uptake of bank apps, RBI made provisions to let Google use UPI to enter India’s payments market two years ago. The government was keen to give a boost to digital transactions which can be tracked, broaden financial inclusion, and catalyse economic growth.
But now it appears to be doing a double take at the prospect of a duopoly of US companies riding on India’s unique public infrastructure for digital payments. If the UPI market cap is enforced, it will be one of the most significant antitrust action so far to curb Big Tech in India.
Google executives in India have been quick to discourage the step in media statements, claiming it would stifle innovation and go against the government’s objective of bringing hundreds of millions more into digital payments. The move would deny a new consumer the choice of using the app they prefer. So it’s not clear how such a market share cap can be enforced without throwing the baby out with the bathwater.
The NPCI move and Google’s reaction bring to the fore in India a dilemma that regulators worldwide are grappling with: how to benefit from the digital transformation that big tech companies bring without letting the leading ones become so dominant that they can abuse their position.
The European Union has so far fined Google $9.3 billion for dubious practices like manipulating search results to push its own products and services, shutting out competitors in its contracts with advertisers, and so on. Last month, 50 states in the US launched an investigation into Google’s “potential monopolistic behaviour" and its effect on smaller companies. The $820-billion search giant dominates online advertising, hogging nearly one-third of global digital ad spend, estimates eMarketer.
Adding payment transactions in India, Google gets into a stronger position to profile consumers, manipulate behaviour, and help advertisers target them. The world over, consumers love the convenience of “free services" like search, payments, e-commerce and social media. But there is also growing awareness of a lack of control over how their data is used or the ways in which their internet use is mediated.
India is mulling a data protection law, inspired by the European Union’s General Data Protection Regulation (GDPR). But it’s unclear what could be a viable middle ground for India, which is neither the tight control of Europe nor the laissez faire of the US.
“It’s in India’s strategic interest to encourage entrepreneurship and unshackle innovation. You can’t have regulations that impinge on that in a significant way. So it will be important to state that objective as clearly as preserving citizens’ fundamental rights to privacy," says Punit Shukla, who co-authored the national strategy on artificial intelligence at government think tank NITI Aayog before moving to World Economic Forum as a project lead on global tech governance.
Another grey area he points out is the clamour for global tech companies to store data on Indian citizens locally. “That argument has taken on a nationalistic tone unnecessarily. Privacy can be invaded even if all the data is stored locally," says Shukla. “We should also look at whether our startups will be hindered in global markets if other countries adopt similar policies."
Privacy has less to do with where the data is stored than what is stored and how it is encrypted, processed and shared. While calls to regulate tech to prevent monopoly and protect consumers grow more strident, the ways to do it are unclear.
In the pushback against Big Tech, it’s easy to lose sight of how UPI transactions took off after Google Pay launched on 18 September, 2017. The number of UPI transactions had reached a modest 16 million in August that year despite its adoption by Paytm, PhonePe, BHIM and several other apps since its rollout in April 2016.
Monthly UPI transactions nearly doubled to 30 million in September 2017, crossed 100 million in November 2017, and hit the 500 million mark a year later. Last month, the number was 955 million, NPCI data showed.
UPI scores heavily over mobile wallets in higher value transactions, according to RedSeer. The total value of mobile wallet transactions in the last financial year was ₹1.84 trillion; UPI transaction value was nearly five times that amount. But wallets like Paytm may stage a comeback if top UPI apps are hamstrung by market caps.
One can attribute the rise of UPI to Big Tech’s money power to acquire users with cashbacks. But it has a lot to do with being user-friendly and hooking users with gamification such as Google Pay’s “scratch cards". Users get scratch cards for sending or receiving money, and follow instructions for a chance to win a cash reward.
“American tech companies have started to understand Indian consumers better. Google and Amazon have gone the deepest and to some extent WhatsApp, although it is limited by its service being encrypted," says Sahil Kini, co-founder of fintech infrastructure startup Setu, who was earlier a member of the IndiaStack team that built Aadhaar and UPI. “Google is introducing India-specific apps. Google Pay in India is different from other countries. They’ve established a unit to build products for the so-called next billion users, half of whom will be from India."
Privacy regulators also need a deep dive to understand the behaviour of users to ensure their needs are served. Communication consultant Erica Diya Basu, who is currently researching internet governance at American University, finds little evidence that even civil society advocates of privacy in India have drilled down to the user level to see how they’re interacting with technology. “This space is heavily populated by people from the legal and technology spheres. It’s only now in the past year that others from the social and behavioural sciences are being included in the debate," she says.
India has an opportunity to create its own tech regulation framework suited to its society and economy, just as it did with citizen ID and mobile payments. It’s important to do it well because India will have the largest number of people coming online outside China.
Sumit Chakraberty is a contributing editor with Mint. Write to him at email@example.com