New Delhi [India], January 7 : The Delhi High Court on Wednesday issued notice on a Public Interest Litigation (PIL) seeking coercive action against Regulated Entities (REs), Non-Banking Financial Companies (NBFCs) and Lending Service Providers (LSPs operating digital lending applications), allegedly found to be in breach of the Reserve Bank of India's Digital Lending Guidelines.
A Division Bench comprising Chief Justice D.K. Upadhyaya and Justice Tejas Karia sought responses from the Union Government, the RBI, Google LLC and Apple India Private Limited on the issues raised in the petition.
The PIL raises serious concerns regarding alleged violations of borrowers' fundamental right to privacy and to data protection by several NBFC-backed Digital Lending Applications (DLAs) operating in India.
The petitioner Himakshi Bharghav contends that, despite the RBI's binding Digital Lending Guidelines issued on May 8, 2025, multiple platforms continue to access prohibited mobile phone resources, such as contact lists and call logs; collect excessive personal and device-level data; and employ coercive, blanket consent mechanisms.
According to the plea, the petitioner, a public-spirited student, approached the High Court in public interest to safeguard the privacy and data rights of digital borrowers across the country, particularly students, first-time borrowers, gig workers and economically vulnerable sections.
The RBI's revised guidelines, the petition notes, expressly prohibit DLAs from accessing telephony functions and sensitive phone data, allowing only limited, one-time access to features such as the camera, microphone, or location, strictly for onboarding and KYC purposes, subject to explicit consent. The petition alleges that these safeguards are being routinely flouted.
The plea further states that upon examining digital lending applications available on major app platforms, several NBFC-backed apps, including Slice, Branch, Navi, Home Credit, Simpl, Dhani, Refyne, ZestMoney, FreePay and LendingPlate, were found to allegedly continue accessing borrowers' contacts and call logs and collecting data far beyond what is necessary for legitimate lending purposes.
Such practices, it is argued, render consent involuntary because users are compelled to accept broad, non-negotiable privacy policies to access credit.
The PIL also points out that a detailed complaint, supported by documentary evidence, was submitted to the RBI on November 18, 2025, identifying specific violations of the Digital Lending Guidelines. Despite this, the petition claims that no effective enforcement action or public response has been taken, thereby allowing the impugned applications to continue operating on major app platforms.
Placing reliance on the Supreme Court's landmark ruling in K.S. Puttaswamy (Privacy-9J.) v. Union of India, the petitioner contends that the alleged data collection practices violate Article 21 of the Constitution and fail the proportionality test, having no reasonable nexus with legitimate objectives such as KYC or credit assessment. It is argued that the RBI's alleged inaction amounts to a failure to discharge its statutory and constitutional duties and results in unequal protection under Article 14.
Terming the injury as widespread, continuous and incapable of individual redress, the petitioner has urged the Delhi High Court to exercise its writ jurisdiction under Article 226 and issue appropriate directions to curb ongoing privacy violations by digital lending platforms and ensure effective enforcement of the RBI's Digital Lending Guidelines in the larger public interest.