Key Points
- India has instructed fintech companies to stop using PAN cards without permission.
- This move is in line with the Digital Personal Data Protection Act, 2023.
- PAN card misuse was common in building customer profiles, particularly in lending and financial services.
- Companies had unauthorized access to sensitive data, including names, addresses, and credit scores.
- The aim is to protect citizens’ personal information.
- This action is part of a wider effort to strengthen data privacy in India.
Looma News
In India, the government is taking action against the growing misuse of PAN cards by fintech and consumer tech companies. The Indian Cybercrime Coordination Centre (I4C), which operates under the Ministry of Home Affairs, has told companies to stop using PAN card data without permission. The goal is to protect citizens’ personal data and ensure companies follow proper data privacy rules.
PAN cards have become more than just identity proof in recent years. Some companies have been using PAN card details in a practice called “PAN Enrichment” to create detailed customer profiles. This has been especially common among lenders who use PAN information to verify applicants’ personal and financial data. Some companies have even accessed sensitive information like addresses, phone numbers, and tax details linked to PAN cards.
The unauthorized use of PAN card data is a serious privacy issue. In some cases, companies have even gained access to users’ credit scores. Although the crackdown has shut down many of these unauthorized activities, it’s still hard to pinpoint specific offenders, as these practices are often embedded within companies’ internal processes. Experts warn that the misuse of PAN cards could have far-reaching effects on consumers, as these cards have become a key resource for gathering personal data in the digital world.
This move follows the Digital Personal Data Protection Act (DPDP) 2023, which requires companies to get explicit consent from individuals before handling their personal information. The government’s actions are part of broader efforts to protect citizens’ Personally Identifiable Information (PII) and to ensure stricter compliance with data privacy laws. These steps come after a Supreme Court ruling on Aadhaar and are expected to change how data is managed and processed in India’s digital economy.
