The way banking is conducted these days has gone through a sea of change, and also, the fact wh...
The Union IT minister Ravi Shankar Prasad introduced the Personal Data Protection Bill (PDP), 2019, in parliament last year. It may pose a challenge to the financial sector in terms of streamlining their existing obligations and activities with the conditions of the PDP Bill, 2019. In this article, we will have a close look at the bill and its impact on fintech in India.
The PDP Bill 2019 provides a framework for safeguarding the privacy of citizens, bars technological companies from storing and processing confidential personal data without the permission of individuals.
The bill seeks to bring more accountability and transparency to the country’s information ecosystem and, at the same time, addresses the loopholes and data security concerns.
Its implementation is expected to create disruptions in industries and various sectors. One such sector is the fintech sector, which involves digital lending, investment platforms, etc.
The bill specifies certain rights for the individuals. The rights are as follows:
The key highlights of the bill are as follows:
A popular form of fintech service is API (Application Programming Interface) based banking. It permits third-party applications to access data from a bank and provide a service. The relevant data in the bank’s database is accessed with API that provides access only to the queried and permitted data.
Such an exchange of data is outside the scope of RBI’s account aggregator framework. This framework lays down detailed data protection requirements. In the case of fintech provided services, the complete process is governed contractually. The PDP Bill, 2019 will bring about such data protection requirements.
It is expected that once the bill is implemented, it would create many disruptions across industries such as fintech. RBI and the market regulator SEBI have not yet released separate guidelines for fintechs. Therefore there are certain ambiguities with respect to regulations for fintechs in India.
The bill can lead the way for consent-based data sharing in the financial service sector. Often times, financial institutions fail to price risk accurately due to a lack of data on every individual. If the bill is enforced well, then customers would feel free to disclose personal data, and with more data at the disposal of fintech companies, they will customize the products and services much better.
The bill seeks to impose restrictions on cross border data transfer and also prohibits the processing of sensitive personal data outside India. Apart from it, organizations are not allowed to access customer data once the purpose of it is served. It can only be accessed upon explicit permission from the customer. It creates a regulatory impediment for fintech companies.
The bill also poses a challenge to fintech companies in terms that it requires the fintech companies to prepare for additional compliance obligations. These companies deal with large volumes of sensitive personal data. The bill provides all types of personal financial data as personal sensitive data.
It may be noted that social media companies have been included within data fiduciaries. As social media intermediaries, their users require agreeing for voluntary verification of their accounts. Many social media giants have ventured into Fintech.
The Personal Data Protection Bill, 2019, which highly favors Data Principal, confers several rights upon them and imposes restrictions on data fiduciary. The flow of information is essential for fintech companies. Impositions of localization and many other strict norms may bring fresh challenges for fintech platforms while providing customers.
Read our article:Growth Aspect of Fintech in India