In a case raising serious concerns about digital privacy and regulatory compliance in the fintech sector, the Delhi High Court on Wednesday directed the Union government and the Reserve Bank of India (RBI) to respond to a petition challenging the practices of several non-banking financial company (NBFC) digital lending applications (DLAs). The matter, which involves popular apps such as Slice, Branch, Home Credit, and Simpl, has been flagged for allegedly accessing borrowers’ personal and sensitive data without explicit consent. The bench of Chief Justice D K Upadhyay and Justice Tejas Karia highlighted the gravity of the issue and scheduled further hearings for April 1, 2026.

The petition, filed by Himakshi Bhargava, a 22-year-old political science honours student, through advocate Kunal Madan, draws attention to the potential misuse of borrowers’ digital footprints by NBFC-backed apps under the guise of financial services. Bhargava contends that these applications routinely access mobile phone resources, including files, media, contact lists, and call logs, far beyond what is required for basic onboarding or Know Your Customer (KYC) verification.

Digital Lending Guidelines 2025: Regulatory Framework

The RBI’s Digital Lending Guidelines, 2025, were introduced to regulate the burgeoning digital lending ecosystem and to safeguard consumer data. The guidelines, applicable to commercial banks, state cooperative banks, and NBFCs, establish clear rules on permissible data collection, borrower consent, and grievance redressal. They explicitly prohibit digital lending apps from accessing mobile phone resources unrelated to lending operations, such as users’ media, files, contact lists, call logs, and telephone functions.

According to the guidelines, any data collected must be strictly need-based and obtained only after the borrower provides prior and explicit consent. The framework is intended to prevent overreach by fintech platforms and to protect borrowers from intrusive surveillance or coercive consent mechanisms.

Allegations Against NBFC Digital Lending Apps

Bhargava’s petition alleges that despite the 2025 guidelines, several NBFC-backed digital lending apps systematically collect data beyond what is necessary for legitimate financial operations. The apps, she claims, often embed intrusive permissions within their architecture and prompt users to grant access to sensitive resources either during installation or post-installation. In some cases, the consent obtained is allegedly coercive, leaving borrowers with little choice but to grant permissions to use the app.

“The unchecked access has allowed digital lending platforms to transform smartphones into real-time surveillance devices,” the petition asserts. “By embedding intrusive permissions into app architecture, often sought post-installation and without adequate notice, these applications gain access to borrowers’ contact lists, call logs, and other private data, well beyond what is necessary for lending purposes.”

The petition also points out that the privacy policies of these applications frequently include clauses that justify the access to borrowers’ contact lists under the pretext of facilitating transactions. In practice, however, these permissions enable the apps to harvest sensitive user information that could be exploited for purposes other than lending.

High Court Directions

In response to the petition, the Delhi High Court has directed both the Centre and the RBI to file detailed affidavits explaining their positions. The bench specifically asked the RBI to include in its response:

1. The steps taken to enforce the Digital Lending Guidelines, 2025.
2. Details of actions taken against entities found to be violating the guidelines.
3. An explanation of the regulatory oversight mechanisms in place to monitor NBFC digital lending operations.

The court emphasized that the matter raises significant questions about data privacy, consumer protection, and regulatory enforcement in India’s rapidly growing digital lending ecosystem. The bench’s observation signals judicial concern over the potential risks to millions of borrowers who rely on these platforms for financial services.

Digital Lending in India: Growth and Risks

Over the past decade, digital lending in India has witnessed explosive growth, driven by smartphone penetration, internet connectivity, and innovative fintech solutions. NBFC-backed apps have made it easier for borrowers to access small loans, instant credit, and flexible repayment options, particularly in underserved and semi-urban areas.

However, the convenience offered by digital lending platforms has also raised concerns about privacy, data security, and the potential for abuse. By collecting detailed personal information, including call logs, contacts, and media files, some apps may inadvertently or deliberately expose borrowers to surveillance, profiling, and other risks. The lack of uniform compliance and inconsistent regulatory oversight has compounded these issues.

The RBI’s Digital Lending Guidelines, 2025, represent a milestone in the regulatory landscape, aiming to balance financial innovation with consumer protection. They establish clear boundaries on permissible data collection, require prior consent, and provide mechanisms for grievance redressal. The guidelines are part of a broader effort to ensure that digital finance in India remains safe, transparent, and accountable.

Implications of the Case

The Delhi High Court’s decision to seek responses from the Centre and RBI underscores the judiciary’s increasing attention to digital privacy and fintech regulation. The case could have far-reaching consequences for NBFC digital lending apps, potentially leading to stricter enforcement of the Digital Lending Guidelines and more rigorous monitoring of data collection practices.

If the court finds that certain apps have violated regulatory standards, it could direct the suspension of licenses, impose penalties, or mandate corrective measures to protect borrowers’ privacy. Such actions would set a precedent for accountability in the fintech sector and send a strong message to digital lenders that consumer data cannot be misused under any circumstances.

The petition also highlights the role of individual citizens, particularly young professionals and students like Bhargava, in holding financial institutions and regulators accountable. Through the RTI mechanism and judicial intervention, public interest litigation has become an important tool for ensuring that technological innovations do not compromise individual rights.

Next Steps

The case has been scheduled for further hearing on April 1, 2026. Until then, the Centre and RBI are expected to submit their affidavits detailing actions taken to enforce the Digital Lending Guidelines, including any investigations, warnings, or penalties imposed on digital lending platforms. The court will examine these responses to determine whether regulatory action has been sufficient and whether additional measures are required to protect borrowers.

In the meantime, consumers are advised to exercise caution when using digital lending apps, review app permissions carefully, and report any suspected misuse of data to the relevant authorities.

Conclusion

The Delhi High Court’s intervention in the matter of NBFC digital lending apps highlights the intersection of technology, finance, and privacy in contemporary India. While digital lending has provided unprecedented convenience and financial access, it has also exposed vulnerabilities in the protection of personal data. By seeking detailed affidavits from the Centre and RBI, the court is ensuring that regulatory safeguards are enforced and that the rights of borrowers are upheld.

As India continues to embrace fintech solutions, cases like this reinforce the importance of robust oversight, transparent operations, and adherence to established guidelines. The outcome of this petition could shape the future of digital lending regulation in India, ensuring that innovation does not come at the cost of privacy, security, or consumer trust.