Reports of data and consent breaches need industry and regulatory attention


The month of March saw data protocols take the top position as a key challenge for financial inclusion. On one hand, we have service providers eager to utilise customer data - the Digital Lenders Association of India, an industry body of online lenders and non-banking financial companies requested the finance ministry for additional access to user data from telecom, banking and GST return filings to enable them to underwrite loans efficiently (Mint, March 7, 2018). On the other, we have cases of data/consent breaches reported for Aadhaar (Business Today, March 19, 2018) and Facebook (Financial Express, March 23, 2018). While a data protection and privacy law is being formulated in India, and the Supreme Court is presently hearing the PILs against Aadhaar, at Indicus we believe that regulation is necessary but not sufficient - service providers must honestly face up to the possibilities of data and consent breaches by third parties. Here, CGAP’s survey last year of 26 innovative and data-centric financial services providers in emerging economies gives some clear insights for industry and regulators (Data Privacy and Protection – Providers Share Their Perspectives, CGAP, March 27, 2018).

The way forward, therefore, calls for more discussion and coordination between regulators and industry:a) regulators must understand that service providers do recognize the risk to their business from relying on a third-party source for data and they are keen to obtain data directly from consumers, however communicating to customers about privacy does not rank highly on the list of priorities for service providers; b) given the cross bundling of financial services now, inter-sector regulatory coordination is a must, to set up principles for data sharing and standardization, which would allow new business models based on third-party data to operate responsibly and c) there is a need for regulatory and industry guidance on best practices in information security and privacy, including data retention.


• Fostering Innovation For Financial Inclusion - January 2018 – Indicus Policy Brief January, 2018
• ICFI Blog: The challenge of exclusion
• ICFI Blog:Increasing adoption of digital payments
• ICFI Blog:Aadhaar and DBT update
Pradhan Mantri Jan Dhan Yojana Progress Report
RBI Electronic Payment Systems – Data


India’s Little Shops Are a Massive Banking Network in the Making

Finance and Fintech: Invigorating Investment and Inclusion in India

Data drive: Jan-Dhan push to financial inclusion

India Post offers doorstep banking from April

NPCI To Enable UPI-Based International Payments

After China lift off, QR codes are changing the payments game in India

Digital India: How UPI-QR combo will push shops to digitise

WhatsApp adds QR code payments in India

SFBs and Payments Banks' physical approach, financial literacy reduce fraud

Equitas dreams of cashless Chengalpet

Jana Small Finance Bank Commences Operations, Aims 500 Outlets By 2019

Aadhaar's benefits for financial inclusion

The Many Faces of Social Exclusion

Can Agro-Dealers Be the Last-Mile Rails for Digital Finance?

Kenya’s Digital Credit Revolution Five Years On

5 Insights into Credit Scoring for Smallholders

Catalysing Digital Financial Services Through School Fees Payments

The opportunity for mobile money person-to-government payments in Ghana


Start-ups and Mobile in Emerging Markets: Insights from the GSMA Ecosystem Accelerator, GSMA, Spring 2018


Editor: sumita@indicus.orgThe The Indicus Centre for Financial Inclusion was launched in 2011 to distil and disseminate information on accelerating the poor’s access to high-quality financial services. ©Indicus Centre for Financial Inclusion. All rights reserved. 3rd April 2018.

Copyright © 2015 - All Rights Reserved