· Digital Lending & Data Privacy · 3 min read
Can You Sue Lending Apps for Data Breaches? Important Information for Borrowers
Find out your rights as a borrower when digital lending apps misuse your data. Learn how to act and claim compensation under Indian law.

In today’s digital world, getting a loan is often as easy as installing an app. But while digital lending apps offer convenience, they can also put your details at serious risk. Reports of unauthorised access, misuse, and even the selling of borrower data are becoming more frequent. If you’ve ever wondered whether you can take legal action against a lending app that leaked or shared your data, the answer is yes. Thanks to stronger data protection laws in India, borrowers now have more power than ever before.
What Is a Data Breach?
A data breach happens when your personal, financial, or sensitive information is viewed, shared, or posted without your permission. In the case of lending apps, this may involve:
Sharing your Aadhaar, PAN, or bank details without approval
Accessing your phonebook or gallery without clear consent
Harassing your friends or family using your data
Selling your loan details to third parties
These actions are not just wrong — they are illegal under Indian law.
What Laws Protect Borrowers?
1. Digital Personal Data Protection (DPDP) Act, 2023
This new law mandates that companies and apps must:
Collect only the data they need
Use the data clearly and fairly
Get clear permission before accessing personal data
Delete the data once the job is done
If a lending app breaks these rules, it can be fined — and you can ask for compensation.
2. Information Technology (IT) Act, 2000
Under Sections 43A and 72A, companies can be fined or even jailed for:
Handling data carelessly
Sharing your data without your permission
What To Do If Your Data Is Misused
Collect Evidence
- Take screenshots, record calls, or save any proof of how your data was misused.
Contact the App
Email or write to the app and its NBFC (if any).
Clearly describe what happened and ask them to stop.
Complain to the Data Protection Board
The DPDP Act created the Data Protection Board.
You can file a complaint here if your data was misused.
Keep your language clear and detailed.
Go to Cybercrime Police
Visit your local police station or file a report online at https://cybercrime.gov.in
Especially useful if you faced threats or your contacts were disturbed.
Send a Legal Notice
Ask a lawyer to send a notice to the app or NBFC.
Mention how they violated your rights under the DPDP or IT Acts.
Move to High Court
- If your case involves serious harassment, identity theft, or affects multiple people,
you can approach the High Court under Article 226 of the Constitution for compensation or a restraining order.
- If your case involves serious harassment, identity theft, or affects multiple people,
Can You Get Compensated?
Yes. Under both the DPDP and IT Acts, you may be entitled to compensation for:
Mental harassment
Reputation damage or job loss
Financial loss due to the breach
Indian courts have already fined companies heavily for privacy violations.
Final Thoughts
Digital lending may be convenient, but it comes with serious risks. You don’t have to accept privacy violations in silence. As a borrower in India, you have powerful legal rights.
Know them. Use them. Protect your data.
You are not just data to be sold — you have the law on your side.