Published Paper Details:

Data privacy is of great concern as fintech grows because financial information is sensitive, and the number of digital transactions is increasing. This paper puts in comparison the three prime data protection models which are the General Data Protection Regulation (GDPR) in the EU, the Digital Personal Data protection (DPDP) Act in India and the United States sector-specific legislation including HIPAA and CCPA. It studies the implications of such models of laws on the design of IT systems in fintech platforms and data architecture. GDPR is rights, rights based, and extraterritorial in nature, as well as global in scope, implying especially rigid adherence to its requirements even on the part of U.S. companies. India DPDP is based on some principles of the GDPR but incorporates such specific requirements as presumed consent and child data protection. Conversely, the U.S. does not have a single law, and therefore there are scattered compliance strategies. In this paper, it has been indicated that despite the laws gaining more transparency, privacy policies are more extensive and difficult to comprehend. To designers of IT systems, this will entail a complex regulatory environment that will require solid principles, such as Privacy by Design, routine Data Protection Impact Assessments (DPIAs) and applications of technologies, including blockchain, to achieve better accountability. The study says that adaptive and privacy-oriented design of systems is necessary in order to address the compliance requirements of different people across the globe and various enforcement issues that are dynamic.