Several banks in the country are not collecting user consent as mandated under the Digital Personal Data Protection (DPDP) Act, which was passed in August last year, according to a report by IDfy, an integrated identity verification and digital onboarding platform.

The report, which investigated data privacy in the banking journeys of the top 10 banks in India, said eight out of 10 banks do not mention personally identifiable information (PII) data collected in their privacy policy. This includes information like account number, permanent account number (PAN) and Aadhaar number.

The report did not mention the names of the top 10 banks.

Banks are violating the provision of data minimisation by collecting unnecessary data from customers. Information such as employer’s name, work email ID, religion and caste is being collected to open a bank account, the report said.

“Responsible use of PII is required if companies are interested in keeping their customers’ trust, and we, as brands, need to relook at how and for what purpose we are using customers’ data,” said Ashok Hariharan, CEO and co-founder of IDfy.

According to the report, education loans are another avenue where an individual’s PII is vulnerable, as 75% of the PII data collected during the educational loan process was found to be sensitive PII data.

Further, nine out of 10 banks did not have a cookie consent banner and a mere 7% of the cookies found were actually “necessary”, it said.

Currently, the government is working on the DPDP rules, which will, in a way, give companies major clarity on implementing the DPDP Act.

Among other key issues, none of the banks collected parental consent while processing a minor’s data, and five out of 10 banks did not mention the purpose while taking consent to share data with other parties.

Besides, nine of 10 banks had misleading or unclear policies (and none made them available in 22 languages), as per the report.

Key Findings

  • 8 of 10 banks don’t mention personally identifiable information data collected in privacy policy
  • This includes account, PAN and Aadhaar number
  • 9 out of 10 banks did not have a cookie consent banner
  • None of the banks took parental consent while processing a minor’s data
  • 5 of 10 banks didn’t mention the purpose while taking consent to share data with other parties
  • 9 of 10 banks had misleading or unclear policies