Privacy and Finance
Updated: Apr 25
By Prof. Shohini Sengupta.
Challenges in the financial regulatory space
“Privacy is a concomitant of the right of the individual to exercise control over his or her personality. It finds an origin in the notion that there are certain rights which are natural to or inherent in a human being.”
An understanding of privacy, in finance, law, or technology, is gaining rapid traction amongst bankers, technologists, Constitutional lawyers, human rights activists and most importantly, citizenry around the world, because of the fundamental ways in which it impacts lives, and businesses. In India, this discussion is in the eye of the storm, with the ‘Personal Data Protection Bill, 2019’ (PDP) being introduced in Parliament in December, 2019.
The legislative journey so far and importance of data privacy
The recent discourse around privacy started gaining attention with the constitution of the ‘Committee of Experts’ in 2017, (led by Justice B.N. Srikrishna) which was set up to examine various issues related to data protection in India. The Committee came out with a report with certain recommendations for the Government, many of which have been incorporated into the 2019 Bill; and a draft bill. Meanwhile, in August 2017, the Supreme Court of India delivered a landmark judgement on privacy, declaring it to be a fundamental right under Article 21 (‘right to life’) of the Indian Constitution. The judgement laid the foundation for people’s right to dignity, gender and sexuality, and other fundamental matters of governance and autonomy.
The impact on financial data
The PDP Bill, 2019 sought to provide a legislative framework governing the collection, processing, usage, storage, transfer and disclosure of personal data, along with the protection of personal data of individuals. Importantly, it sought to establish a ‘Data Protection Authority’ for the same. The Bill was meant to be a general law, with the expectation that sectoral regulators would then prescribe specific rules and regulations. However, the discourse around the protection of financial data of individuals in particular is still significantly limited. There are several areas of financial policy that are still vague about how financial data will be sufficiently protected in the coming times. For instance, the regulations on regulatory sandbox released by both RBI and IRDA in 2019 for the banking and insurance sector respectively, were severely limiting in their scope of protection of financial consumers. The idea of ‘consent’ in digital financial transactions is also blurry, leaving financial consumers at the behest of big financial players with more leverage. Further, with innovations in open banking, credit analytics and leveraging of big data, there is a need for regulators to fuel innovation, along with developing harmonised policies on data privacy and financial customer protection, to enable a deeper understanding of operating principles for fintech innovation and risks, cross-sectoral innovation, and regulatory co-ordination.
It is important for India to learn from other jurisdictions including Hong Kong, Australia, Singapore, EU, and the US, where the discourse around financial data protection and innovation is running concurrently. Without a uniform and rigorous approach to issues of privacy and technology, financial innovation will be limited to pockets of convenience and privilege, affecting the most disenfranchised amongst us disproportionately.
 Justice K.S.Puttaswamy(Retd) vs Union Of India, (2017) 10 SCC 1, ¶47 (per Justice D.Y. Chandrachud).