We are moving towards a data centric world, and “data is the new oil”. And few would disagree that a key debate today in finance is ‘trust and privacy vs. using data for business growth’. As modern day businesses look to adapt themselves to generate revenue from customer related data, regulators across the world are grappling with the formulation of effective laws to regulate the data-driven economy. Given the relative novelty of the concept, regulators are reflecting on fundamental questions such as the right to privacy, property rights over data and the right to use the collected data.
In India, the Reserve Bank of India (“RBI”) has been fairly forward looking, by passing various regulations and constituting a host of committees to address issues ranging from cyber security to customers data protection norms. In almost all its regulations, RBI has adopted a data privacy framework similar to the one advocated by the Justice BN Srikrishna Committee in its Personal Data Protection Bill, 2018 (“DP Bill”) – an amalgamated framework consisting of consent-and-notice and the vesting of certain rights with the originators of such information. Undoubtedly, the DP Bill will have an impact on the manner in which data is collected, processed and shared by the financial industry. With this as the background, the authors seek to analyse the impact of the DP Bill on businesses engaged in the financial sector.