What’s up with your Personal Data and the Right to Privacy

In the last few days, three news articles have caught my eye as they all relate to our right to privacy and how financial services companies and insurers deal with our personal information.

The first was that 13 Indian insurance companies have come together to create a depository on policyholder data using blockchain type technology. The central idea here is that sharing of data will help reduce costs & improving efficiencies by reducing duplication of effort by individual insurers e.g. on conducting KYC processes; and also reduce the incident of fraudulent claims by sharing information.

A news article in the Business Standard quoted that “PwC’s Global Fintech Report 2017 expects 77 per cent of financial technology institutions to adopt blockchain as a process by 2020, with payments, fund transfer and digital identity management being the top areas of usage.”

Whilst the issue of what information may be collected and linked to Aadhaar, and how it may impact on citizens right to privacy is still sub-juice, this ruling is bound to be a key consideration.

However, there will clearly be data privacy concerns. For example, what private information is available to “other” companies. Customers are today being asked to provide a wide ranging “authorisation” to Insurers, banks and other financial services companies to share their private information.

Many websites, such as price comparison sites, collect customer information and collect a blanket consent to share such information with “partners”.

The second was the Supreme Court of India ruling that the Right to Privacy is a fundamental right. This ruling was made by a 9-judge panel of the Supremen Court after another panel of judges considering a petition on the matter of the Aadhaar Scheme and its collection of private citizen biometrics and linking all manner of transactions to Aadhaar, referred the matter to a larger constitutional bench.

Which brings us to the third development – a very timely recommendation by Household Finance Committee of the Reserve Bank of India – which has recommended that there is a need for Financial Institutions to move away from a “Consent based approach to Privacy Rights” to a “Rights based approach”. The RBI Committee published its reports a mere few hours after the Supreme Court judgement.

The Committee report said “We note that technological advances like machine learning and big data have changed the ways in which we process data and as a result, have made consent a less-than- effective tool to protect personal privacy.”

The Committee’s report noted that “all financial technology solutions require the use of households’ personal information, a form of wealth in itself”. The Report noted that India lacks a formal legal framework for data protection.

Whilst regulations are playing “catch-up”, businesses are moving ahead at a faster pace with investments to utilise personal information for their benefit. It is therefore imperative that regulators remain vigilant and bring in place effective regulations quickly to protect consumer privacy.

Whilst a data protection law may take a while to bring into place, individual regulators RBI, IRDA and SEBI can bring in place tighter guidelines that prevent misuse of customer data.

Individuals need to be aware of how their private information may be used; and ask financial intermediaries and companies for safeguards; or in absence of such safeguards refuse to give consent.