INDIA’S ACCOUNT AGGREGATOR FRAMEWORK: LEGAL ARCHITECTURE FOR DATA PROTECTION AND CONSENT MANAGEMENT

INDIA’S ACCOUNT AGGREGATOR FRAMEWORK: LEGAL ARCHITECTURE FOR DATA PROTECTION AND CONSENT MANAGEMENT

INDIA’S ACCOUNT AGGREGATOR FRAMEWORK: LEGAL ARCHITECTURE FOR DATA PROTECTION AND CONSENT MANAGEMENT

AUTHOR – SHRUTI KESARWANI* & DR ARVIND P. BHANU**

* STUDENT OF LAW, AMITY LAW SCHOOL, NOIDA UTTAR PRADESH

** FACULTY OF LAW, AMITY LAW SCHOOL, NOIDA UTTAR PRADESH

BEST CITATION – SHRUTI KESARWANI & DR ARVIND P. BHANU, THE BLACK BOX OF AI: WHO’S TO BLAME?, INDIAN JOURNAL OF LEGAL REVIEW (IJLR), 5 (5) OF 2025, PG. 906-914, APIS – 3920 – 0001 & ISSN – 2583-2344

Abstract

This paper examines India’s Account Aggregator (AA) framework, a novel financial data-sharing ecosystem that facilitates secure and consent-based exchange of financial information between “Financial Information Providers (FIPs)” and “Financial Information Users (FIUs)”. The research analyzes the legal and regulatory framework underpinning the AA ecosystem, with particular emphasis on data protection mechanisms, consent architecture, and security requirements. The Digital Personal Data Protection Act, 2023 (DPDP Act)[1] has significantly strengthened the legal foundation of the AA framework by establishing robust provisions for data protection, consent management, and enforcement mechanisms. This paper investigates how the interplay of various regulations shapes the functioning of AAs as intermediaries in financial data sharing while ensuring user privacy and data security. The research concludes that while India’s AA framework represents a progressive approach to consent-based data sharing, several challenges regarding implementation standardization, technological barriers, and regulatory coordination remain to be addressed for the framework to achieve its full potential.

[1]              The Digital Personal Data Protection Act, 2023 (Act No. 30 of 2023).

V5I594FDownload

Download Full Article