The Digital Personal Data Protection Bill, 2023, addresses the need for a comprehensive data governance framework
As India advances toward becoming a data capital in the global arena, ensuring data privacy and security has emerged as a critical concern. The recently approved Digital Data Protection Bill, 2023, establishes a much-needed comprehensive framework for controlling and safeguarding data. This legislation revolves around four pillars of data protection: (a) data privacy, (b) trust and data security, (c) transparency, and (d) data ownership.
Early shoots of the data-centric regulatory intent were visible through RBI’s Guidelines on Digital Lending in September 2022 where one of the focus areas was data protection and data privacy. The technological standards applied prior to the DLG guidelines were non-uniform in nature and were based on subjective judgements of companies, resulting in a dip in customer trust and attracting a lot of inconsistency in loan management practices. The DLG guidelines brought uniformity to these checks and provided regulatory oversight. The regulation was able to onboard a substantial portion of unregulated lenders to a data-secure regulated landscape, thereby fostering trust in the digital lending ecosystem.
Because of this regulatory framework, digital lenders have a head start in terms of digital personal data protection. However, these regulations were primarily focused on digital lenders leaving behind a significant portion of non-lending digital entities that remained outside the scope of the regulations. The non-lending digital entities will have a larger ground to cover and might face temporary hiccups in implementing some of the provisions of Digital Personal Data Protection.
For instance, purpose-driven consent on data is one such element that will see a lot of friction in implementation. Digital non-lending entities have been collecting information in the name of enhancing and improving customer experience, all of which would now be subject to purpose-based consent architecture. Digital Lenders who were subject to the Guidelines on Digital Lending have a lot more clarity and are aligned for compliance with this framework. Digital Non-Lending Entities will have to find out a way to balance user experience and compliance, which may require some transition time.
Founder & CEO,
Flexpay by Vivifi
Provisions relating to Data Ownership are something that would be the second biggest challenge the digital non-lending entities. Digital Lenders have now devised various methods to ensure all data that they possess or transmit is secured. All data that they capture is need-based and is subject to DLG driven frameworks on consent, disclosure, and storage. This was done to ensure data privacy, trust, and transparency. While there would be some bit of experience that digital non-lending companies would be able to leverage from their lending counterparts, the solutions would need to be customized to their business needs, which might prove challenging for them.
Overall, the Digital Personal Data Protection Bill, 2023, addresses the need for a comprehensive data governance framework. However, digital non-lending entities would have a larger ground to cover compared to their lending counterparts, because of which they might need some cushion for transition. Though its implementation would be tedious initially, in the long run, it has the potential to enable India to leverage digital readiness and become the next Silicon Valley in the truest sense.
