· Digital Lending & Data Privacy  · 3 min read

Can You Sue Lending Apps for Data Breaches? Important Information for Borrowers

Find out your rights as a borrower when digital lending apps misuse your data. Learn how to act and claim compensation under Indian law.

Find out your rights as a borrower when digital lending apps misuse your data. Learn how to act and claim compensation under Indian law.

In today’s digital world, getting a loan is often as easy as installing an app. But while digital lending apps offer convenience, they can also put your details at serious risk. Reports of unauthorised access, misuse, and even the selling of borrower data are becoming more frequent. If you’ve ever wondered whether you can take legal action against a lending app that leaked or shared your data, the answer is yes. Thanks to stronger data protection laws in India, borrowers now have more power than ever before.


What Is a Data Breach?

A data breach happens when your personal, financial, or sensitive information is viewed, shared, or posted without your permission. In the case of lending apps, this may involve:

  • Sharing your Aadhaar, PAN, or bank details without approval

  • Accessing your phonebook or gallery without clear consent

  • Harassing your friends or family using your data

  • Selling your loan details to third parties

These actions are not just wrong — they are illegal under Indian law.


What Laws Protect Borrowers?

1. Digital Personal Data Protection (DPDP) Act, 2023

This new law mandates that companies and apps must:

  • Collect only the data they need

  • Use the data clearly and fairly

  • Get clear permission before accessing personal data

  • Delete the data once the job is done

If a lending app breaks these rules, it can be fined — and you can ask for compensation.

2. Information Technology (IT) Act, 2000

Under Sections 43A and 72A, companies can be fined or even jailed for:

  • Handling data carelessly

  • Sharing your data without your permission


What To Do If Your Data Is Misused

  1. Collect Evidence

    • Take screenshots, record calls, or save any proof of how your data was misused.
  2. Contact the App

    • Email or write to the app and its NBFC (if any).

    • Clearly describe what happened and ask them to stop.

  3. Complain to the Data Protection Board

    • The DPDP Act created the Data Protection Board.

    • You can file a complaint here if your data was misused.

    • Keep your language clear and detailed.

  4. Go to Cybercrime Police

    • Visit your local police station or file a report online at https://cybercrime.gov.in

    • Especially useful if you faced threats or your contacts were disturbed.

  5. Send a Legal Notice

    • Ask a lawyer to send a notice to the app or NBFC.

    • Mention how they violated your rights under the DPDP or IT Acts.

  6. Move to High Court

    • If your case involves serious harassment, identity theft, or affects multiple people,
      you can approach the High Court under Article 226 of the Constitution for compensation or a restraining order.

Can You Get Compensated?

Yes. Under both the DPDP and IT Acts, you may be entitled to compensation for:

  • Mental harassment

  • Reputation damage or job loss

  • Financial loss due to the breach

Indian courts have already fined companies heavily for privacy violations.


Final Thoughts

Digital lending may be convenient, but it comes with serious risks. You don’t have to accept privacy violations in silence. As a borrower in India, you have powerful legal rights.

Know them. Use them. Protect your data.
You are not just data to be sold — you have the law on your side.

Related Posts

View All Posts »