top of page
Search

BANKING ON DATA, BETTING ON TRUST: THE PRIVACY RECKONING OF INDIA’S FINANCIAL SECTOR

Updated: May 6

The Digital Personal Data Protection Act, 2023 (DPDPA) and the Digital Personal Data Protection Rules,2025 (DPDP Rules, 2025) mark a significant shift in India’s approach to data governance, with major implications for the banking sector. From fragmented cybersecurity measures to a comprehensive rights-based regime, as banks increasingly rely on digital platforms and data analytics for credit assessment, risk management, and customer engagement, the processing of personal financial information has expanded substantially. This paper evaluates how the DPDP framework restructures the legal responsibilities of banks as Data Fiduciaries. Building on constitutional ‘privacy’ recognition in KS Puttaswamy v. Union of India judgement, it analyses the evolution of India’s earlier cybersecurity-focused regime toward a rights-based model that emphasises consent, purpose limitation, data minimisation, and accountability. The study further examines the operational impact on banking systems, such as consent management, legacy upgrades, Consent Managers, regulatory coordination challenges between the Data Protection Board and the Reserve Bank of India, and the tension between privacy obligations and financial compliance requirements like Know Your Customer (KYC) and Anti-Money Laundering (AML) retention. The paper argues that while the framework imposes compliance costs, it strengthens consumer trust and establishes a more stable foundation for digital banking governance in India.



 
 
 

Recent Posts

See All

Comments


Commenting on this post isn't available anymore. Contact the site owner for more info.
bottom of page