No Fintech company meets every single privacy requirement under IT Act: CIS report | The News Minute

The study shows that privacy policies of companies such as Paytm, Jio Payments Bank, Airtel Payments Bank, Amazon Pay, Bhim are not accessible from the main website.

Shilpa S Ranipeta
Monday, June 10, 2019 - 18:13

A study by the Centre for Internet and Society on privacy and security policies of Fintech companies in India has shown that no company met every single requirement under the Section 43A Rules of the IT Act.

A study of privacy policies of 48 companies has also shown that privacy policies of major entities such as Paytm, Jio Payments Bank, Airtel Payments Bank, Amazon Pay, Bhim are not accessible from the main website of the company. The privacy policies were assessed based on the privacy policy requirements mandated by the Sensitive Personal Data or Information (SPD/I) Rules.

A fintech company is one that combines financial services and products with technology. The companies categorised as Fintech in this study are payment gateways, payment gateway aggregators, mobile and online wallets, digital payments banks, peer-to-peer lending platforms and miscellaneous entities that share features of the above categorisation.

Rule 4 of the SPD/I Rules mandates that a company that handles information should have a privacy policy that ensures it is dealing with the information provided by users as per the SPD/I Rules. It is also required that the privacy policy is published on the website of the company and is ‘clear and easily accessible’. However, the SPD/I Rules don't specify what would constitute a ‘clear and easily accessible’ privacy policy.

In this research, CIS has studied accessibility in terms of how many times a person has to click to access the privacy policy, whether it is readily available on the homepage, and whether the company states its privacy practices in language that can be understood by someone fluent in English and does not require prior legal or technical knowledge to be understood.

Here are some observations from the research:

Accessibility:

The study found that 38 companies have a privacy policy accessible on the main website of the company, and 38 also have the privacy policy included in terms and conditions of all documents of the company that collect personal information. However, policies of only 20 companies can be understood by someone without legal and technical knowledge and 16 can be partially understood.

Privacy policies of RazorPay, Oxigen, Airtel Payments Bank, Capital Float, Freecharge, BHIM couldn't be understood by someone without legal and technical knowledge.

“For some of the companies the privacy policy had to be located in the terms of service or under separate categories such as ‘legal agreements’, ‘key policies’, ‘security’, further making the privacy policy more inaccessible.
We anticipate that unless the user is specifically looking for the privacy policy, it is unlikely for the privacy policy to be perused in the usual course of a user’s usage of the services of the fintech provider,” the report states.

The study found that while most fintech companies in the sample explicitly specified personal information that was being collected, fewer privacy policies contained categorical provisions segregating the sensitive personal information that was being collected. However, it was unclear what each category specifically entailed.

of the listing of information,” the report states.

Option to not provide information and withdrawal of consent:

Interpretation Rule 5(7) states that the company should inform users even before collecting information that they have an option to not provide the data or information. The rule also specifies that the individual must also be informed that he/she has an option to subsequently withdraw consent from the use of the data or information collected by the data controller.

However, privacy policies of 30 companies do not specify that the user has the option to not provide information. These include companies such as PayU, CitrusPay, Jio Money, Airtel Payments Bank, Paytm, Fino Paytech, Capital Float, Walnut, etc. Only 17 companies specify that the user has the option to subsequently withdraw consent.

Registering grievances

The study showed that only 16 of the companies mention the existence of a grievance officer in their privacy policies. Rule 5(9) of the SPD/I Rules states that companies are required to have a grievance redress mechanism in place vis-a-vis the user's privacy practices.

“Thirty-two companies failed to not just provide a redressal mechanism but also failed to mention the existence of a grievance officer specific to the resolution of issues that users may encounter vis-a-vis the data controller's privacy practices,” the report states.

Language barrier

All companies, except PhonePe, had a privacy policy only in one language, English. PhonePe provided a privacy policy in both English and Hindi.

“With the growth of the digital economy, a multitude of Indians are using online services, and it is imperative that privacy policies be accessible and understandable to all users of the service. In the context of the fintech sector, accessibility to privacy policies takes an added significance given the fintech [illegible] avowed promise of

The research showed that few consumers, if any, read online privacy policies, despite expressing concern about their online privacy. And privacy policies are often very technical and not comprehensible by a regular user.
