India: Adopted Guidelines on Digital Lending

On 2 September 2022, the Reserve Bank of India, the country's central bank, adopted the Guidelines on Digital Lending, outlining data protection provisions that banks and other non-banking financial institutions issuing digital loans have to comply with when outsourcing parts of the creditworthiness assessment process to third parties. The Guidelines elaborate on the Regulatory Framework for Digital Lending adopted in August 2022. The Guidelines specify that data collection by the lender is based on necessity and requires the borrower's explicit consent. Furthermore, the lenders may only store data necessary for operational purposes, and are prohibited from storing biometric data. Finally, the guidelines state that the entities must use servers located in India and make their data storage and privacy policies publicly available.