Fintech – Balancing Financial Inclusion and Data Privacy

“The test of our progress is not whether we add more to the abundance of those who have much; it is whether we provide enough for those who have too little.”   - Franklin D. Roosevelt

Roosevelt’s words provide a unique lens to judge the progress of developing economies. While the Indian economy is slated to reach a size of USD 5 trillion by 2024-2025, a fifth of the Indian population still living below the poverty line, do not see any meaningful progress. One of the significant structural barriers is the lack of financial inclusiveness. The Indian government is now encouraging the utilization of the latest technologies in the distribution of financial products and services or ‘fintech’, as a means to increase financial inclusiveness.

In my practice as a financial regulatory lawyer working with fintech companies, I have also observed the potential of financial technologies in increasing financial inclusion. For instance, through my work I was exposed to the importance of global investment in fintech companies in South Asian developing countries. However, such investment does not happen in vacuum, the financial regulators of India have been working hard over the past few years to develop the fintech market in India. To this end, the regulators have taken several initiatives, namely introduced regulatory sandbox to test fintech products in controlled in environment (“Sandbox Framework”) and released a framework for establishing a ‘not for profit’ pan-India umbrella entity for retail payments to develop and push technologies for retail payment (“UE Framework”).

Fintech platforms (“Fintech”) are the next big thing, for example, in India several online/app platforms have come up providing online financial solutions. Fintech services involve significant reliance on consumer financial data and its analysis using techniques such as machine learning and other forms of artificial intelligence. The centrality of consumer financial data and the increased sensitivities surrounding such data create a highly vulnerable data ecosystem requiring stringent data protection and privacy laws.

Under the current framework, all entities collecting, processing, or storing sensitive personal data or information (which includes personal/medical information) (“SPDI”) are required to formulate privacy policies for handling or dealing with SPDI. These privacy policies must set out in clear and easily accessible terms, the nature and purpose of SPDI collection, and whether and how SPDI is shared.

However, in my experience, the current market practice produces hyper-technical privacy policies that only comply with the minimum legal prescriptions and are often neither clear nor user-friendly. To give a few examples, most of these policies are ambiguous on the type of SPDI being collected, the purpose for processing SPDI, and the retention or disclosure policies. The privacy policies are also designed to be unintelligibly vague through the use of over-inclusive terms such as ‘inter alia’, ‘including’, ‘information such as’, and even, ‘etc.’ in their operative descriptions.

One solution could be a legislatively mandated base template customized for data privacy policies for the Fintech sector. I draw inspiration from our labor jurisprudence. All industrial establishments with more than a hundred employees are required to formulate their employment terms and conditions based on a legislatively stipulated template. The idea is to protect employees from their unequal bargaining position. A direct parallel is the retail consumer who is subject to a take-it-or-leave-it click-through contract forcing him/her to compromise on his/her internet privacy. A pre-set template can establish unequivocally drafted baseline standards and help even out the compromise between internet privacy and access to Fintech services. The template can also be used to require Fintech companies to draft user-friendly policies.

In the food industry, nutrition labels are now required to include a tabular summary simplifying nutritional contents, which is known as smart disclosures. Smart disclosures have enabled consumers to make better-informed choices and created shifts in consumption patterns. A tabular summary disclosing the collection, processing and use of SPDI could similarly facilitate a move towards better data privacy standards, such as through the use of preference matching software shortlisting various services based on a consumer’s privacy preferences. A tabular summary can also provide a solution to the twin problems of information insufficiency and the inherent information overload associated with Fintech services.