Illusion Of Consent In Digital Lending: Rethinking Data Governance Under India’s DPDP Act

Renuka Kumari, Research Scholar, Symbiosis Law School, Noida Campus, Symbiosis International (Deemed University), Pune, Maharashtra, India

Dr. Aayushi Goel, Assistant Professor of Law, Symbiosis Law School, Noida

ABSTRACT

The rapid expansion of fintech in India has helped to increase access to formal financial credit for millions of borrowers who had been denied such access. However, this access rests on an increasingly uncomfortable foundation; the continuous extraction of personal data as a condition of financial participation. This commentary examines the notice and consent framework of the Digital Personal Data Protection (DPDP) Act 2023 as it operates within digital lending ecosystem. It argues that although consent is made obligatory under section 6 of the Act, it is more of a formalistic requirement than a genuine expression of autonomy because of the position of dependence of borrowers and the dominance of lenders. The bundled permissions embedded in fintech interfaces normalize extensive data extraction and thus produces the ‘privacy for credit’ trade-off of power in the credit ecosystem. By examining the data credit nexus, the current commentary shows financial inclusion is increasingly mediated through behavioral visibility. It argues that there is a need to move beyond the regime of consent and towards institutional responsibility as the organizing principle of fintech governance.

Keywords: Digital Personal Data Protection Act (DPDP), Digital Lending, Financial Inclusion, Data-Credit Nexus, Consent Architecture, Behavioral Data, Platform Dominance, Fintech Governance, Privacy for Credit.