The Reserve Bank of India (RBI) or any sectoral regulator could frame their own rules for storage and processing of personal data, minister of state for electronics and IT Rajeev Chandrasekhar said on Friday.
Though the new Digital Personal Data Protection (DPDP) Act allows businesses to export personal data to any country except a few that may be put on a black list, if the regulators find such data in their possession to be more sensitive in nature and are best controlled by them, they could bring these under their own regulations, he said.
Speaking at the FE Best Banks Awards, Chandrasekhar said, “The RBI or a health regulator, can turn around and say that this personal data in our domain is more sensitive and we can prescribe stronger, harder rules for the storage and processing of the data. The law has that provision.”
Chandrasekhar comments assume significance as the industry was looking for clarity on whether they will have to comply with certain areas of regulations that are already being prescribed by their sectoral regulators, from the ambit of DPDP Act as well.
With regard to data storage norms, the Act allows any company to store their data in geographies which would abide by India’s data protection norms.
“As long as the obligations under the DPDP Act are enforceable in a geography, we will not prevent the platforms (from storing their data there),” Chandrasekhar said. “However, if you find that there is any case that a particular jurisdiction has either diluted the rights of the Indian citizen or the Indian business, we have the power to black-list that geography,” he added.
Addressing the issue on the menace of illegal lending apps, the minister said the government is working on a framework that will require all lending apps to undergo a due diligence process before they could be allowed to enter the banking system.
The norms will be stricter for standalone apps that are unregulated entities trying to deliver private credit and their sources are not known.
Last year, finance minister Nirmala Sitharaman had expressed concern on the instances of illegal loan apps offering loans/micro credits at very high interest rates, and urged the RBI to prepare a whitelist of all legal apps. On its part, the ministry of electronics and information technology (MeitY) issued orders to restrict dozens of such loan apps from app stores, including those hosted by NBFCs and other entities regulated by the RBI under its September 2022 guidelines concerning digital lending.
The framework, according to Chandrasekhar, would control the menace of fraudulent and predatory loan apps on the app stores as without clearance from respective banks and the RBI, the companies would not be able to lend. A due diligence requirement also assumes significance as there has been a rise in number of cases lately, where these companies are involved in illegal loan recovery tactics.
Chandrasekhar said, “Given the propensity of these apps to come onto these play stores at the rate of 100 and 200 per day, we have moved away from the white listing approach to creating a much more diligence-based approach.”
“This is not to do with fake loan apps as much. It is about loan apps that are predatory and are violating the laws, and crossing the threshold of criminal conduct,” Chandrasekhar added.
If there is an app that is determined to do some predatory type of behaviour that should be caught at the due diligence, the e-KYC (know your customer), or the KYC level before they are allowed to open a bank account. Some sort of tracking of their bank transactions to regulate them will also be done, Chandrasekhar explained.
Further, app stores such as Google Play Store and Apple App Store onboard these apps based on technical and security compliance and not on legal compliance. Therefore, the thinking within the government is that when these apps end up doing criminal activity in the finance space, it becomes challenging to regulate and decide who will regulate them.
The minister on Friday also chaired a meeting, which included officials from IT ministry, RBI and the department of financial services, to deal with the menace of illegal loan apps. “We are working on some interesting models on how to ensure that the safety and trust of the internet, which is really our duty to the digital nagriks, is never compromised,” Chandrasekhar said.