Startup Originals Team
India’s digital payment industry, led by the National Payments Corporation of India (NPCI), is urging the government to provide exemptions from certain provisions of the Digital Personal Data Protection (DPDP) Act. The push comes as payment companies voice concerns about operational hurdles and compliance challenges introduced by the new data privacy law.
Industry’s Request: Relief from Consent and Data Processing Clauses
The DPDP Act, enacted to strengthen consumer data privacy and control, requires organizations to obtain specific, informed consent for processing users’ personal data. Payment platforms, however, argue that the “explicit consent” requirements and other compliance measures under the new law could disrupt critical payment infrastructure and affect millions of daily transactions.
NPCI and industry associations have reportedly approached the Ministry of Electronics and Information Technology (MeitY), seeking relaxation or exemptions, especially for processes that are essential for fraud detection, regulatory reporting, and seamless payment operations. The payment ecosystem points out that many backend data processes are required by law or for ensuring the system’s security, making repeated consent cumbersome and impractical.
Key Concerns: Operational Impact and Customer Experience
- Real-time Transactions at Risk: With UPI and other digital payments processing billions of transactions, any delay caused by additional consent layers could undermine speed and reliability-core features that have made digital payments so popular in India.
- Compliance vs. Necessity: Payment entities highlight that much of the data processed (such as transaction logs, authentication, and dispute resolution) is a regulatory or operational necessity, not for profiling or marketing.
- Fraud and Security: Delays or restrictions in accessing user data may weaken the sector’s ability to monitor risks in real-time, potentially exposing users to more fraud.
Regulatory Dialogue: The Path to Balance
The government is reportedly open to reviewing feedback and exploring sector-specific exemptions or clarifications within the DPDP rules. Industry leaders have called for alignment between the DPDP Act and existing financial regulations, noting that the Reserve Bank of India (RBI) and NPCI already impose strict data security requirements and oversight on financial service providers.
What’s Next?
While no final decision has been taken, the dialogue highlights the need to balance robust data protection with the practical realities of critical infrastructure like payments. The sector awaits further government response as the finer details of DPDP Act implementation-especially around exemptions and regulatory harmonization-are still being worked out.
Conclusion: Striking a Balance for India’s Digital Payments
The push for DPDP Act exemptions shows the tension between consumer privacy and operational efficiency in high-volume, real-time sectors. The resolution will shape not only payment experiences but also set precedents for how essential services adapt to India’s evolving data protection landscape.
