Your browser is currently blocking notification.
Please follow this instruction to subscribe:
Notifications are already enabled.

Loan Issuers Ask For Redrafting Of Personal Data Protection Bill’s Definition Of ‘Sensitive’ Info

Loan Issuers Ask For Redrafting Of Personal Data Protection Bill’s Definition Of ‘Sensitive’ Info

The concerns arise as part of second round of consultations on Personal Data Protection (PDP) Bill

The bill had divided consumer data into personal and sensitive personal data

The definition of sensitive personal data has been a concern for fintech companies

A group of about 50 fintech companies have reached out to the Ministry of Electronics and Information Technology (MeitY) seeking easy access to personal data which helps them in extending loans to consumers.

The concerns arise as part of the Personal Data Protection (PDP) Bill, which is currently under the second round of consultations. The Srikrishna Committee-recommendations in PDP Bill introduces new definitions of “personal data” and “sensitive personal data”.

Personal data refers to any data of a natural person which allows direct or indirect identifiability. Sensitive personal data includes financial data, biometric data, positive additions such as religious and political beliefs, caste, intersex/transgender status, and official government identifiers like PAN etc.

This definition of sensitive personal data is the concern for fintech companies as they submitted a slew of recommendations for easing access to credit history, financial position and alternative data of customers. They emphasised that the draft bill in its current form recognises all forms of personal financial data as ‘sensitive personal data’.

However, these companies are concerned with the potential restrictions they will face in accessing those aspects of consumer data. This sensitive data will help make their lending practices more prudential and less prone to frauds.

“…only a limited category of financial data such as bank account numbers, passwords, ATM pins, details of cards issued etc., needs to be protected as “sensitive personal data” since misuse and misappropriation of these can result in significant personal harm,” the recommendation letter by Digital Lenders Association of India (DLAI) read, a copy of which has been reviewed by ET.

It is to be noted that over the last few years, fintech companies coupled with government initiatives have been creating credit access to the underprivileged as well as underserved segments ranging from farmers to students.

As per DataLabs by Inc42 estimates, the credit demand in India is projected to be worth $1.41 Tn by 2022. The estimated growth rate in credit demand is 3.73% between FY17 and FY22. To fulfill this credit gap, lending tech startups as well as NBFCs have been enabling loans etc. These includes LendingKart, ZestMoney, Faircent etc.

The Indian government has also been pushing for revolutionising the fintech industry through initiatives such as the regulatory sandbox. In terms of the Personal Data Protection Bill, the second round of consultation included questions such as: Can non-personal data such as data from ecommerce sites, and community data be made freely accessible to all? Whether storage of personal data should also be mandated in India?