You can see the rules and regulations in other jurisdictions.
Financial institutions are typically bound by the existing laws pertaining to I.T., cybersecurity and data privacy, including provisions for outsourcing. In this regard, the Reserve Bank of India has specifically stated that credit information of customers should not be shared with non-regulated parties (such as unregulated fintech organizations) without explicit consent from them. Additionally, the Information Technology Act and the ensuing rules necessitate obtaining prior authorization when collecting and disclosing sensitive personal data of individuals.1
Indian authorities obligate institutions to share customer information only when mandated by the court or a governmental entity as outlined in law. To balance data privacy worries with the industry's need for available data sharing, the Reserve Bank of India (RBI) formulated a new type of Non-Banking Financial Companies (NBFCs): 'Account Aggregators' (AAs). They act as regulated intermediaries, who facilitate controlled and approved sharing of financial info through compatible IT systems with organisations providing financial services.1
An entity may conduct digital profiling in accordance with the current data protection and privacy framework if it obtains the active consent of the user before collecting or using data. In order to bring India's data protection regime in line with more robust international standards, such as those set out by the European Union General Data Protection Regulation, the government is working to enact a comprehensive data privacy law. The Joint Parliamentary Committee recently unveiled the Data Protection Bill 2021 (DPB), formerly known as the PDP Bill, broadening its scope to cover non-personal data. There have been some other notable modifications to the DPB too, such as excluding non-digitised information from its purview and adding stricter limitations on movement of data by a fiduciary. When the legislation (subject to additional changes) eventually comes into effect, it is conceivable that Indian fintech firms may need to put aside extra assets and time in order to be compliant with it.1
Cross-border payments in India
Participation as a lawyer at investment venture funds, leading venture M&A deals in IT, supporting iGaming and business assets
Comprehensive legal services for businesses on corporate, tax law, cryptocurrency legislation, investment activities