Recently, the Ministry of Home Affairs issued a directive mandating fintech and consumer tech companies to halt the unauthorized use of PAN card data. This move, facilitated through the Indian Cybercrime Coordination Centre (I4C), aligns with the government’s commitment to enforce the Digital Personal Data Protection Act (DPDPA) of 2023. By requiring clear user consent for PAN usage, the directive seeks to mitigate risks of identity theft and strengthen data privacy. With India’s fintech sector projected to expand from $584 billion in 2022 to $1.5 trillion by 2025, and penalties for non-compliance reaching up to INR 500 crore, the directive marks a pivotal moment for data governance in the digital finance landscape. In this interview, Sandeep Agrawal, Director and Founder of Teamlease Regtech, discusses the implications of this mandate for fintech and consumer tech companies, the challenges in achieving compliance, and the role of regulatory technology in fostering trust and innovation.
TAM: How does the Ministry of Home Affairs’ directive align with the broader objectives of the Digital Personal Data Protection Act, 2023, and what immediate implications does it have for fintech and consumer tech companies?
Sandeep Agrawal: The Ministry of Home Affairs’ directive to halt unauthorized use of PAN data enforces compliance with the Digital Personal Data Protection Act (DPDPA), 2023. The government’s crackdown aims to protect citizens’ Personally Identifiable Information (PII), requiring compliance with the DPDPA 2023, which mandates secure channels and user consent for data processing. The government is setting a clear precedent for data privacy in the tech industry. This compels companies to prioritize transparent data practices and ensures user consent, which are foundational to trust in the digital economy. With PAN cards serving as critical identifiers in financial transactions, unauthorized access could lead to fraud and privacy violations. With penalties as high as Rs 500 crore for significant data breaches, the onus is now on fintech and consumer tech firms to strengthen data protection measures, mitigating risks of fraud while aligning with India’s robust data privacy framework.
TAM: With India’s fintech industry expected to grow significantly, how do you foresee companies balancing regulatory compliance with innovation while addressing user privacy concerns?
Sandeep Agrawal: Fintech companies must adopt a compliance-by-design approach, embedding data protection and privacy into the product development lifecycle. Aligning with regulations like the Digital Personal Data Protection Act (DPDPA), 2023, they should implement robust measures such as data encryption, secure storage, transparent consent mechanisms, and compliance with data localization mandates.
To streamline these processes, companies should increasingly leverage Regulatory Technology solutions. Using advanced tools like AI, machine learning, and blockchain enables automation of regulatory reporting, real-time compliance monitoring, and secure handling of complex mandates. By integrating technological tools, fintech firms can efficiently address privacy concerns, build user trust, and maintain operational efficiency. Collaboration between regulators and the fintech sector is also crucial to fostering innovation while adhering to stringent privacy standards, ensuring sustainable growth in India’s digital economy.
TAM: What are the key challenges fintech and consumer tech companies may face in obtaining clear user consent for PAN usage, and how can they effectively address these?
Sandeep Agrawal: Fintech and consumer tech companies might face several challenges in obtaining clear user consent for PAN usage, including the complexity of consent communication, user fatigue from multiple requests, and concerns over data misuse. To address these, companies must simplify consent requests by using clear, non-technical language, and implement a unified consent approach wherein all the purposes of taking consent should be specified to reduce consent fatigue. Companies should invest in robust data protection measures like encryption and transparent data usage policies. Additionally, ensuring compliance with laws like the Digital Personal Data Protection Act (DPDPA), 2023, is essential to navigate regulatory requirements and demonstrate accountability. By prioritizing transparency, security, and user-friendly consent processes, companies can effectively address these challenges and build consumer trust.
TAM: How can this directive help rebuild consumer trust in the digital ecosystem, particularly in the wake of growing concerns about identity theft and data breaches?
Sandeep Agrawal: The new compliance mandates, particularly around data protection and localization, are expected to significantly enhance consumer trust in tech platforms. As consumers become more aware of data privacy risks, the assurance of stringent compliance measures, secure data storage, and user consent will increase their confidence in sharing sensitive information. By adhering to the DPDPA and implementing transparent data-handling practices, fintech and consumer tech platforms can demonstrate a commitment to safeguarding personal data. This shift will likely lead to higher consumer willingness to engage with these platforms, knowing that their privacy is prioritized, ultimately fostering a more secure and trusted digital ecosystem.
TAM: With penalties for non-compliance reaching INR 500 crore, what steps should companies take to ensure adherence to these standards, and what role does this play in shaping India’s digital economy?
Sandeep Agrawal: Companies must take proactive steps to ensure adherence to data protection standards. These include implementing robust data protection policies, conducting regular audits, and establishing clear user consent mechanisms. Compliance also requires adhering to data localization mandates and ensuring secure cross-border data transfers. Additionally, training employees on data privacy and fostering a culture of compliance are essential to minimize risks. Companies should also integrate technological tools to address privacy concerns, build user trust, and maintain operational efficiency. By taking these steps, companies avoid penalties and build consumer trust, which is vital for shaping India’s digital economy. This trust encourages greater digital adoption, fueling long-term growth in the fintech and consumer tech sectors.