    Draft privacy data bill doesn’t add up for fintech companies

    Synopsis

    The bill proposes mandatory storage of critical personal data within India only, and leaves the definition of ‘critical data’ for the ministry to consider after consultations with citizens.

    BENGALURU: While the proposed Data Protection Bill, 2018, along with the Srikrishna Committee recommendations, has made consumers the owners of their own data, fintech startups, which deal with sensitive financial information of users all the time, are seeking more clarity on the penal provisions of the bill, the distribution of power between multiple authorities, and more details on storage of user data.

    “We are looking for more clarity on two major points: one is the definition of the critical personal data that the bill proposes, and we need to understand who will define which data is critical,” said Sameer Nigam, chief executive officer, PhonePe. “Second is the new bill should ensure that differences in guidelines and differences in interpretations of rules between multiple government entities go away and we have a fixed track to follow.”

    The bill proposes mandatory storage of critical personal data within India only, and leaves the definition of ‘critical data’ for the ministry to consider after consultations with citizens.

    Clarifying his stand on data localization, Nigam reiterated that he believed that financial transaction data should ideally be processed within India, but a copy of data being stored abroad should be allowed.

    BankBazaar head of compliance Parag Mathur said that, regarding the timeline of storage of data, there is a need for more industry consultations, since that would directly affect the business models of multiple fintech players such as BankBazaar which are involved in lifecycle financial management of a customer.

    “In order to avoid any risk of unauthorised access once processing has ceased, the principle of storage limitation will be applicable as an obligation on data fiduciaries. Thus, data fiduciaries will only be able to retain personal data as long as it is required to satisfy the purpose for which it was collected. Thereafter, the said data may be anonymised, or erased, permanently,” read the committee recommendations.

    This could emerge as a vital choke point for fintech players which try to keep track of customers who could take a loan for a holiday now but might need a vehicle loan after two years, or a home loan after five years. Intermediaries tend to throw up relevant offers to consumers in order to remain the platform of choice for all their financial requirements.

    “We might start with a small loan, but eventually might target him for an insurance product or an investment product -- for that the data needs to be retained and analysed over a period of time,” Mathur explained.

    Similarly, startups that are constantly creating financial profiles of applicants, perhaps to decide their creditworthiness or their investment appetite, will need to obtain explicit consent from their customers every time, and that could be a challenge because the user experience might be affected.

    “While social profiling of a customer might still be manageable, explicit consent will have to be taken for financial profiling, which might affect the user experience; further, it could be a challenge for startups to explain to users why this data is being taken and how it will be used,” said Bhavik Hathi, managing director at consultancy firm Alvarez and Marsal.

    However, multiple startups have already designed their applications keeping these issues in mind and they expect a smooth transition into the new era of data regulations.

    “We already follow a consent-based user experience and we don’t scrape the applicant’s financial profile. For some lending apps and payments companies, there could be challenges in the case where they are doing a pre-approval flow on the basis of some data they already store,” said Lizzie Chapman, co-founder of digital lending startup Zest Money.

    The Economic Times