Protecting Your Personal Data When Using Lending Apps

The rise of digital lending apps has provided easy access to loans and credit. However, privacy advocates have raised concerns about how these apps collect and use personal data. With loans and finances involving sensitive information, it is critical that lending apps have robust data protection practices. This article provides a comprehensive overview of how lending apps use customers' personal data, the risks involved, and how new legislation aims to safeguard privacy.

The Importance of Data Privacy

Data privacy refers to the right of individuals to have control over their personal information and how it is collected, used, and shared by organizations. It is an important right as loss of privacy can lead to individual harms like identity theft, financial fraud or discrimination based on personal details.

With mobile apps like lending apps, privacy needs to be guarded especially carefully. As per research from the Pew Center, over 82% of Indian adults feel risks of data misuse outweigh benefits of sharing personal data [1]. Lending apps require financial information, but in absence of consent and transparency, gathering vast amounts of customer data can violate privacy.

Some ways in which data privacy can be compromised when using lending apps are:

• Apps accessing smartphone data like contacts or location without permission [2]
• Selling or sharing customer data with third parties for marketing or analytics without consent
• Data breaches that expose sensitive financial information to hackers
• Use of excessive data collection for profiling or exclusion of financially vulnerable segments

How Lending Apps Use Personal Data

Lending apps catering to unbanked segments require customers' personal data primarily for:

• Verifying identity using PAN, Aadhaar etc. as per KYC norms
• Assessing creditworthiness based on income, credit history etc.
• Authentication via OTP to registered mobile number while transacting
• Directing customized promotions based on profiling of spending habits
• Sharing data with third parties like banks, rating agencies or marketing firms

While some collection and use of data is legitimate, lack of transparency raises privacy concerns. Customers may not always realize the scope of information accessed by apps or how it is monetized.

As per research by McKinsey, Indian consumers are willing to share personal data if it improves access to credit and they have more control over its use [3]. This highlights the need for informed consent along with fair data practices.

How Customers Can Control Their Personal Data Usage

Customers can take certain steps to exercise greater control over their personal data when using lending apps:

• Read the app's privacy policy in detail prior to installing and sharing any data
• Only provide essential information like income proof strictly needed for loan assessment
• Set app permissions like contacts or location access to "Deny" if unnecessary
• Use strong passwords and enable two-factor authentication for account security
• Check if the app offers options like limiting ad tracking or data deletion
• Be vigilant about signs of potential misuse like unexplained calls about loans

How the Digital Personal Data Protection Bill Safeguards Privacy

The Digital Personal Data Protection (DPD) Bill 2021 is an upcoming law aimed at protecting individual privacy and regulating how organizations process personal data [4]. Once enacted, it will have important implications for lending apps.

Key provisions that enhance customer rights include:

• Requiring user consent before collecting or processing personal data in most cases [Section 7]
• Obligating apps to allow users to review, correct or erase their data [Sections 12-13]
• Allowing users to withdraw consent and lodge grievances regarding data use [Sections 14-15]
• Penalties on lending apps of up to ₹250 crores for violations like data breaches [Section 25]

The Bill also places certain transparency, security and accountability requirements on lending apps by classifying them as "data fiduciaries". These include appointing grievance officers and conducting audits where needed [Sections 8-11].

By necessitating proportionate data collection, informed consent and stringent safeguards, the Bill aims to compel lending apps to enact privacy-centric practices. Proper implementation after its enactment will be key.

Conclusion

Lending apps require access to certain personal data but often lack transparency in how data is processed further. While some customer details are essential for functions like underwriting, excessive collection without consent and misuse of data can infringe on privacy rights. Upcoming legislation like the DPD Bill will institute necessary guardrails by strengthening user rights along with imposing penalties to deter violations by apps. However, customers should also remain vigilant regarding sharing of personal data only after understanding apps' data practices. With prudent policies that balance innovation and privacy, lending apps can usher financial inclusion while respecting user rights regarding sensitive personal information.

References

[1] Pew Research Center, “Experts Doubt Ethical AI Design Will Be Broadly Adopted as the Norm Within the Next Decade”, https://www.pewresearch.org/internet/2022/10/18/experts-doubt-ethical-ai-design-will-be-broadly-adopted-as-the-norm-within-the-next-decade/

[2] BusinessLine, “Lending apps seek access to contacts, location despite negligible benefits”, https://www.thehindubusinessline.com/money-and-banking/lending-apps-seek-access-to-contacts-location-despite-negligible-benefits/article65491430.ece

[3] McKinsey, "Digital lending in India: Learning from the emerging success stories", https://www.mckinsey.com/business-functions/mckinsey-digital/our-insights/digital-lending-in-india-learning-from-the-emerging-success-stories

[4] PRS India, The Digital Personal Data Protection Bill, 2022, https://prsindia.org/billtrack/digital-personal-data-protection-bill-2022

Disclaimer: This article summarizes aspects of the DPD Bill but does not constitute legal advice. Please consult qualified legal counsel for any specific queries or concerns regarding applicable laws.