BENGALURU: In order to protect borrowers’ personal data, the Reserve Bank of India’s (RBI) new lending norms have stressed data protection. It said that regulated entities (REs) should ensure that LSPs (lending service providers) engaged by them do not store the personal information of borrowers except for some basic minimal data.
Any collection of data by DLAs (digital lending apps) should be need-based and with the prior and explicit consent of the borrower. This is one of the recommendations of a working group for digital lending that submitted its report to the RBI, and this will be implemented immediately. One of the main concerns of the borrowers is that digital lending apps store all personal information including phone numbers in contact lists.
The central bank mandated that DLAs should not access mobile phone resources, such as files and media, contact lists, call logs and telephony functions. However, DLAs can request one-time access to a camera, microphone, location, or any other facility necessary for onboarding/ KYC requirements only with the explicit consent of the borrower, said Nageen Kommu, CEO, Digitap.
He added that these guidelines will certainly contribute towards safeguarding customer data, by imparting the required degree of power in the hands of the customers. The central bank said no biometric data should be stored or collected in the systems associated with the lending apps of REs. Also, regulated entities should ensure that all data is stored in servers located within India.
It is also important to note that with the guidelines coming into action, borrowers will now have the power to accept or deny the consent for use of any specific data. This also includes revoking previously granted consent, which will empower customers to take charge of their data rights, said Sugandh Saxena, CEO, of Fintech Association for Consumer Empowerment.