“My data or yours?” Unraveling Privacy Among Consumers of Digital Credit in India

Context

Digital Financial Services (DFS) often rely on a mix of personal data provided by consumers, and data collected and curated from multiple sources such as social media by the fintech platforms. To make lending decisions, many fintech platforms use not only personal and financial data provided by the data subjects, but also alternative data such as social media streams or networks or digital footprints created by people’s online browsing activity.

This approach holds promise for increasing financial inclusion, particularly in contexts where formal financial institutions have excluded individuals without a credit history or credit score. However, it also requires sharing data owned by multiple parties with third party agencies such as financial service providers or credit scoring organizations. Sharing content such as correspondence, aggregated information, photos, audio clippings or videos could result in privacy intrusions and negative consequences for others in the network who never explicitly agreed to the sharing of that content.

Despite the relative youth of the industry, fintech platforms have already been implicated in a number of troubling privacy intrusions. Further, many notions of privacy focus solely on the individual — for example, whether consent for data collection and/or sharing was provided — leaving unaddressed circumstances when content containing details about multiple individuals is voluntarily shared on a network. This is referred to as the problem of Multi-Party Privacy (MPP), and is the background for this study. Given the combined and co-owned data under consideration here, digital credit presents an excellent site within which to study MPP and its implications for different categories of consumers.

Study Design

This mixed methods study will be conducted by researchers at The International Institute of Information Technology, Bangalore (IIITBD) with support from partners at Consumer Unity & Trust Society (CUTS). The study will have four parts: an initial controlled observational analysis, a large-scale survey supplemented by in-depth interviews, focus group discussions, and finally a contextual observational analysis. Focusing on a diverse group of DFS consumers in India, researchers will learn about the Attitudes, Concerns and Perspectives (ACP) of consumers towards their data and privacy, how different consumer subgroups evaluate trade-offs between access and privacy, and how they navigate privacy boundaries with their lenders and associated third parties.

The observational studies will deepen understanding of how participants negotiate MPP boundaries in practice and will inform the design of survey instruments examining privacy boundaries, practices, negotiations, and redressal mechanisms. The survey will be conducted with 2000 DFS consumers across India, including both urban and rural areas, with participants covering different demographics, education levels, gender and prior exposure to digital credit. Focus Group Discussions with a mix of privacy experts, fintech providers, and non-users of DFS are intended to understand issues of MPP in transacting through fintech platforms, the awareness and concerns of privacy intrusions, and possible ways to negotiate the privacy boundaries of the entities involved. A final component will involve observing the financial transactions of 50 consumers in their natural settings to delve more deeply into how their context shapes the privacy expectations and practices of different consumers.

Results and Policy Lessons

Many users displayed limited awareness of privacy issues, including the concept of co-owned data, and often felt compelled to trade privacy for convenience due to app design limitations and a lack of alternatives. Privacy concerns, such as location tracking, were particularly pronounced among women, and fraud risks associated with digital lending apps were widely reported. While regulations like the Digital Personal Data Protection Act 2023 and RBI guidelines have introduced safeguards, practical challenges in enforcing privacy measures across stakeholders persist. The study also found that consumer-oriented loans dominate the digital lending landscape, with limited progress in livelihood-based lending due to the complexities of underwriting small-scale business cash flows. These findings emphasize the need for increased consumer awareness, improved app design for informed consent, and enhanced enforcement of privacy regulations to address evolving risks in India’s digital financial ecosystem.