Mumbai, August 25, 2017
There is a need to adopt a rights-based privacy framework in household finance rather than the widely prevalent consent-based approach, a Reserve Bank panel has said.
“(We) suggest adoption of a rights-based privacy framework in contrast with the more common consent-based privacy framework,” the report of the Household Finance Committee of the central bank said.
The panel was set up following discussions in a sub-committee of Financial Stability and Development Council on April 26 last year. The RBI published the report hours after the Supreme Court gave its landmark judgement affirming privacy as a fundamental right yesterday.
“We note that technological advances like machine learning and big data have changed the ways in which we process data and as a result, have made consent a less-than- effective tool to protect personal privacy,” the report said.
Therefore, it is imperative to deploy an alternative system to protect data privacy, it said, adding the law should create a class of technically skilled intermediaries authorised to review algorithms that process personal data to evaluate whether the data is being processed in a privacy-neutral manner.
“The new privacy framework should contemplate the creation of a Data Commissioner who shall be responsible for redress of grievances as well as for establishment of standards of accountability and transparency,” it said.
“Our current belief is that rather than consent, a robust privacy framework in the modern world may call for a rights-based approach,” it said.
“Data controllers (financial firms) will also be responsible for ensuring accountability, transparency, non-discrimination and data security while processing data,” the panel recommended, adding they will be held accountable for any breach.
Noting that “all financial technology solutions require the use of households’ personal information, a form of wealth in itself”, the committee said it is “worried” the country lacks a formal legal framework for data protection.
“There is no formal privacy statute and the closest thing to a formal privacy law is in the rules enacted under Section 43A of the IT Act of 2000 that spell out, in general terms, privacy obligations that apply to anyone who collects and processes sensitive personal data,” the report said.
“Continued lack of clear privacy regulations presents an ever-increasing risk to personal privacy,” it said.
In most countries, privacy and data protection regulations restrict the extent to which data are available for both transactional and research purposes, it noted.
The committee was headed by Tarun Ramadorai, a professor in financial economics at Imperial College London, and had representatives from all financial regulators. Most of its recommendations are not mandatory and open for public comments at present.
The panel was also of the view that there should be a mandatory catastrophe insurance with automatically triggered pay-out in zones with high natural disasters like floods and earthquakes risks, Ramadorai said, adding that this was the only mandatory suggestion made by the panel.
“The panel suggested a set of standardised norms across regulators for financial advice, supported with a fiduciary standard for financial advisers,” Ramadorai told PTI over phone from London.
The panel also proposed simple home insurance policy covering structure and contents at a low premium.
[The Hindu Business Line]