top of page

Digital Lending And Data Privacy: Aligning RBI’s 2025 Guidelines With India’s New Data Protection Law




Ankit Kumar & Bijendra Shandilya, B.B.A. LL.B., Indian Institute of Management, Rohtak


ABSTRACT


Digital lending has grown very fast in India because of the rise of smartphones and new financial technology. But this rapid growth has also created serious problems related to privacy and the safety of borrowers. Many fake or unfair loan apps started misusing people’s personal data. They collected too much information and even harassed borrowers when they could not repay loans. These issues made the Reserve Bank of India (RBI) take strict action. In May 2025, the RBI released new rules called the Digital Lending Directions, 2025. These rules bring all the earlier guidelines together and add stronger protections for users. They include clear consent rules, requirements to store data only in India, and a public list of approved loan apps. At the same time, India’s Parliament passed the Digital Personal Data Protection (DPDP) Act, 2023. It is the country’s first full law made to protect people’s personal data. The Act sets clear rules for using data in a fair, legal, and open way. It also creates a Data Protection Board to watch over how these rules are followed. This article studies how the RBI’s digital lending rules match or differ from the DPDP Act. It looks at important ideas like taking consent before collecting data, using data only for a specific purpose, deleting data after use, and making companies responsible for how they handle data. It also points out areas where the two laws may overlap or disagree — for example, the RBI’s rule to keep data within India and the DPDP Act’s rules about sending data abroad. The paper compares India’s approach with other countries, such as the European Union’s GDPR and Singapore’s PDPA, to understand how similar or different they are. It finally gives suggestions on how both the RBI rules and the DPDP Act can work together better, so that India’s digital finance system stays both safe and privacy-friendly.


Keywords: Digital Lending; Data Privacy; RBI Digital Lending Directions 2025; Digital Personal Data Protection Act 2023; Consent; Data Localization



Indian Journal of Law and Legal Research

Abbreviation: IJLLR

ISSN: 2582-8878

Website: www.ijllr.com

Accessibility: Open Access

License: Creative Commons 4.0

Submit Manuscript: Click here

Licensing: 

 

All research articles published in The Indian Journal of Law and Legal Research are fully open access. i.e. immediately freely available to read, download and share. Articles are published under the terms of a Creative Commons license which permits use, distribution and reproduction in any medium, provided the original work is properly cited.

 

Disclaimer:

The opinions expressed in this publication are those of the authors. They do not purport to reflect the opinions or views of the IJLLR or its members. The designations employed in this publication and the presentation of material therein do not imply the expression of any opinion whatsoever on the part of the IJLLR.

bottom of page