RBI Opposes Privacy Law

Posted on February 17, 2025 by Vijayashankar Na

Until Mr Shakti Kant Das was the Governor of RBI, it appeared that RBI could be relied upon for taking care of the interest of the public. In the Bit Coin case, RBI had taken a bold principled stand which unfortunately had been over ruled by the Ministry of Finance under Mrs Nirmala Seetharaman It was known as the triumph of corruption over national interest.

Now with the new Governor Mr Sanjay Malhotra who was earlier a revenue secretary and has been instrumental in legitimizing Bitcoin using tax as an excuse, the confidence in the RBI as a protector of the public interest is at stake.

This is well reflected in the challenge RBI has mounted on DPDPA 2023 and the Supreme Court judgement on Privacy by stating that “Credit Firms are not required to obtain User’s Consent to maintain Credit Scores” in an affidavit filed with the Supreme Court in the Suryaprakash Vs Equifax and others.

The way Credit rating firms like CIBIL were taken over by foreign companies like TransUnion was directly a consequence of RBI not monitoring the “Data Laundering” that was behind such take overs. Today RBI has gone a step further and is trying to give a free hand to CICs for misusing and profiting from the Credit information of the 140 crore Indians.

The Supreme Court frowned when IRCTC wanted to conduct a survey on whether it is possible to monetization its data and forced it to withdraw the proposal. Whenever UIDAI wants to take day to day operational decisions, Supreme Court pounces on UIDAI to limit its operational freedom.

Now we need to see how committed is Supreme Court in accepting the view of RBI that a consumer has no role in the CICs profiling his credit functioning often causing harm to the data principals.

We consider that the law of DPDPA 2023 should prevail over the earlier CIC law which itself has been fraudulently misused for purposes for which it was not intended.

Under the legislative intent of CIC Act, the credit rating agencies were meant to assist the Banks from reducing their NPAs by preventing borrowing with multiple Banks by a defaulter. It was not the intention to monetize the Credit data of consumers and let US companies make money.

RBI has been a silent spectator in this data loot and must be considered as a co-conspirator in this data laundering exercise.

The current stand of RBI only confirms that RBI wants to challenge the Right of an Individual to determine how his personal data is to be processed by the Banks and for what purposes they can share the data with other Banks. CICs are a third party and if they want to process the data of Bank customers, they have to obtain consent like any other data processor or a joint data fiduciary.

RBI has admitted that the CICR Act was brought as a part of the risk mitigation policy of the Government to arrest accretion of fresh NPAs in the Banking sector. For the same reason the CICR Act does not empower the US Companies to create “Credit Rating” from out of data shared by the banks and sell it to all loan companies at a price.

RBI’s counter affidavit is mis-representation and must be rejected.

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.