Following up on consent-less auto fetch privacy violations in BBPS
In October 2018, CashlessConsumer had brought to your attention about privacy breach in BBPS related to non-consensual retrieval of bill data of consumers by various apps / bill payment services operated by several authorized agents.
Privacy Breach in Bharat Bill Payment System
CashlessConsumer has complained to BPSS, RBI about the practices of BBPSOUs like PayTM, PayUMoney, Google Pay India…
We wrote a letter to BPSS, RBI and copied to CEOs of NPCI and entities violating consent.
NPCI, on its part, issued a circular which is to be complied by BBPS ecosystem of BBPSOUs and their agent partners from 1.1.2019.
However, even after a year, we still find several apps / services not taking consent for auto-fetch, provide option to opt-out and instead have only found that the incidents have only increased. This is further evident from the statistics published by NPCI.
In this context, even as the Personal Data Protection Bill, 2019 has been sent to Select Committee of the parliament, we are urging RBI and NPCI to provide a detailed public report on the incident and take steps to prevent such unfettered data mining by private entities to build credit profiles of individuals using bill data.