Data protection law in India is a step closer to being enacted after Union IT Minister Ravi Shankar Prasad introduced the Personal Data Protection Bill, 2019, in Parliament. Due to the compound increase in the number of online transactions and the amount of data generated, we require a concrete bill to enhance our data protection. The bill must focus on providing a framework for protecting individuals' privacy by informing the customers about how their data is processed.
In July 2017, the Government of India formed a committee of experts headed by retired Supreme Court Justice BN SriKrishna to study the issues related to data protection law in India. After working on it for a year, the committee submitted a draft of the Personal Data Protection (PDP) Bill in July 2018 and requested feedback from the public, Ministers, stakeholders, and other industry experts. Based on the input, a revised draft of the bill was submitted in the Lok Sabha and the lower house of parliament in December 2019. Now it has been referred to a 30-member Joint Parliamentary Committee for review, which is expected to submit its report on or before April 3, 2020.
This bill is expected to create disruptions across industries, and it is set to have a significant impact on fintech, as it necessitates fintech companies to prepare for additional compliance obligations. Fintech platforms handle large volumes of sensitive customer data'names, cell phones, addresses, bank account numbers, credit history, and PAN. The bill classifies all forms of personal financial data as 'sensitive personal data.' This action may bring more complications to this sector as chances of ranking these fintech companies as 'Significant Data Fiduciaries' is very high.
Another challenge is the provision of 'right to be forgotten,' where organizations are not allowed to access customer data after the purpose of which it was shared is met unless they have explicit consent from the customer. The deletion of data can create new regulatory bottlenecks for fintech companies as they won't be able to assume ownership of consumer data as their own. This action also will erode their competitive edge over other companies where data was their moat. In contrast, opportunities will open for new players like consent brokers who facilitate data sharing, storage, and management of end-user data across multiple platforms on behalf of users.
It might take long for fintech companies to adapt to the new data protection guidelines. However, companies should start making investments in data systems to comply with the bill as soon as possible to avoid hefty penalties.