Delhi High Court seeks RBI’s stand on data protection violation by digital lending apps

The Delhi High Court on Wednesday (January 7, 2026) asked the response of Reserve Bank of India to reply to a petition alleging violation of a borrower’s right to privacy and data protection by Non-Banking Financial Companies (NBFCs) through digital lending applications.

A Bench of Chief Justice D. K. Upadhyaya and Justice Tejas Karia issued notice to the Centre and RBI, observing that the PIL by Ms. Himakshi Bhargav “raised a serious concern”.

“We are concerned with what action you are taking,” the court said.

“We require the RBI to file a counter affidavit in respect of the averments in the petition and also action taken for the enforcement of the 2025 (digital lending) guidelines. The counter affidavit filed by RBI shall discuss action taken by concerned authorities in case of violation of these directions,” the court ordered.

The petition, filed through advocates Kunal Madan and Manway Sarawagi, alleged that in spite of the issuance of Reserve Bank of India Digital Lending Guidelines of 2025, certain digital lending applications continued to access prohibited mobile phone resources such as contact lists and call logs, collected excessive personal and device-level data, and deployed coercive consent mechanisms.

“Borrowers are compelled to accept broad and non-negotiable privacy policies as a condition for availing services, rendering consent involuntary and contrary to Sections 12 of the Guidelines… The data collection practices are disproportionate and bear no reasonable nexus to legitimate purposes such as KYC or credit assessment,” the plea argued.

The petitioner claimed that in November 2025, she submitted a detailed complaint to the RBI identifying specific violations, but no action was taken.