While Banks have already started empowering their hands by the use of EVA (Electronic Virtual Assistants) for a variety of activities including streamlining of regular inquiries, simplify typing, time transactions, notifications etc.
These EVA (Electronic Virtual Assistants) in banks make use of Natural Language Processing (NLP) for improving their cognitive ability. However, such EVAs communicate with users & customers of the Banks through text as also voice so as to get answers to their specific queries in a quick and effective manner.
The Union Budget 2022 outlines the setting up of 75 Digital Banking units in 75 districts by scheduled commercial banks. There is no denying the basic premise that these Digital Banks may make use of EVAs as a new normal for everyday banking needs. Further, AI (Artificial Intelligence) is the mover and shaker of these digital times.
EVA, BANKS & CYBER LAW
The Question in your mind is that EVA, Banks and Cyber Law, what is the connection? Well, any interactions, information generated by EVAs are information, data in electronic format. It is in this context that Cyber Law steps in. We will have to quickly realise that the moment you use computers, computer system, computer networks, computer resources, communication device, data or information in electronic format, cyber law becomes applicable thereof.
The Indian Cyber Law consists primarily of Information Technology Act, rules, regulations. Further, such interaction, information generated by EVAs are electronic records under the Information Technology Act. The Information Technology Amended Act 2008 has taken the country and the world by storm with a new concept of an Intermediary under Section 2(w).
In simple sense, any entity collecting electronic records and providing services thereof are considered as Intermediary under the Information Technology Act, rules, regulations. Given this scenario, banks can also be considered as Intermediaries under the Information Technology Act, rules, regulations.
The big talking point is the legal status of such EVAs, can be they be considered as agents, entities, LLP’s. While seeking answering to the same, such EVAs are getting more and more predominant. I am of the opinion that this cannot be taken in partial mode.
EVA, BANKS & SENSITIVE PERSONAL DATA OR INFORMATION
The Information Technology Rules read along with Information Technology Act has come up with parameters on what is Sensitive Personal Data or Information. Passwords, Financial Information, Biometric information, Sexual Orientation, Health or Medical Records, conditions, any information required under a Lawful contract.
The Banks are walking in the area of using EVAs for communication with customers enabling them to perform simple banking activities. These interactions, communications involve the financial information like OTPs, last digits of credit cards of the customers.
EVA, BANKS AND PERSONAL INFORMATION
The Information Technology Rules read along with the Information Technology Act has come up with perspective of personal information. Any information with which you can identify an individual is considered as Personal Information. Name, email id, contact no, ip address, address, aadhar no, credit card no, debit card card no, passport etc., are classic examples of Personal Information.
The Banks are transcending the use of EVAs for various purposes as mentioned in this article and while such EVA interactions, communications deal with personal information of users including phone no registered with the banks.
EVA, Banks and WhatsApp – Cyber Legal Analysis
The Banks make use of EVAs and provide services specifically through WhatsApp in their powering position. However, WhatsApp has become the de-facto mode of communication in the times today. In no event, the author intends to demean WhatsApp and its users. Further, the author intends to put forth his view point as also promote cyber hygiene usage of WhatsApp.
The terms and conditions of WhatsApp mention that whatever one shares across its platform be it audio, video, image, text is information in public domain. Further, privacy breach cannot be claimed for any information in public domain.
Given this scenario, Banks will have to wake up to the fact that any Sensitive Personal Data or Information, Personal Information of its users, customers will have to be protected under the law. The Banks will have to be sensitive to what they can, what they cannot, do while making use of WhatsApp.
Further, the Banks will have to be alive as to how they can swim in these choppy waters. It is the logical corollary that in order to use the said services, the terms and conditions will have to be accepted and the same is more a legal basis for an e-contract.
The digital dreams of digital banking are a collective wisdom and casts a huge responsibility. However, the conduct of the Banks may have got unnoticed at the time being, but cyber law and cyber security will be the two constant life companions in the era of digital banking.
EVA, BANKS, PRIVACY
With the latest judgement of Hon’ble Supreme Court, the privacy is now a fundamental right of every citizen in the country. The privacy shall also consist of data privacy which includes protection of user or customer’s privacy. However, the banks shall have to look at enhancing the digital skillsets of its employees, staff as also ensure that privacy of its users, customers are protected at all times.
Further, the Banks will have to look at the scenarios wherein EVAs will protect the privacy of its customers, users. However, in case of any privacy breach by the EVA, who is accountable is a question that the world has to be answer.
While currently there is no complete clarity regarding the legal status of EVA, however, from a Liability perspective, the Banks making of such EVA may also be cast with liability. But the question remains that in case such EVA has any technical issues which resulted in such privacy breach, then the coder, the organisation that developed or conceived such EVA may also face privacy breach liability.
EVA, BANKS, CYBER DUE DILIGENCE
The interesting aspect here is with respect to the Cyber Due Diligence that a Bank will have to comply with while using EVA. The Cyber Due Diligence under IT Act, rules, regulations bring forward the requirement of having these policies as an Intermediary.
• Privacy Policy
• User Agreement
• Terms and Conditions
• Grievance Mechanism
However, the fact of the matter is in case EVA collects such information of user, customer during such interactions, communications, then how will the aforesaid policies be drafted unless legal status is accorded to EVA. While this remains a sticky wicket.
EVA, BANKS, CIVIL CONTRAVENTIONS
The Banks will have to realise that any contravention with respect to unauthorised access and other aspects thereof, shall expose the banks to cyber contraventions under the Information Technology Act, rules, regulations.
Further, the Banks will have to comply with the Information Technology Act, rules, regulations while discharging their obligations under the law. In the light of use of EVA in Banking, the fundamental question that arises is the access provided by Banks to the EVA considered as legitimate access under the law.
The contravention under IT Act, rules, regulations made there under shall expose the Banks to damages by way of compensation. The Information Technology lays down the adjudication up to INR 5 crores to be adjudicated by an Adjudicating Officer, who is usually the IT Secretary of the State.
EVA, BANKS, CRIMINAL LIABILITY
The Banks will have to understand that non-compliance to the Information Technology Act, rules, regulations in the light of EVA will expose the Bank to criminal liability of imprisonment ranging from 3 yrs- Life Imprisonment, fine amounting to INR 1 Lakh- 10 Lakh. However, in the event, such liability arises out of the action of the EVA without the attribution of the Bank, then the liability aspect becomes a different matter altogether.
EVA, BANKS, CYBER CRIMES
The Banks will have to be looking at cyber crimes from a different viewpoint altogether given the use of EVA. Just imagine a situation wherein the EVA interaction, communication results in a cyber crime, cyber security breach, then the liability has to be encapsulated in a differential manner.
EVA, BANKS, TECHNO LEGAL ASPECTS
There are many techno legal aspects in the light of EVA, Banks. There are many a times wherein the user will be able to activate, deactivate some crucial and critical aspects relating to credit card usage for online transactions, international transactions, atm, pos transactions etc. However, in the event the user opts for one choice and the EVA acts in a different manner, then there shall be techno legal aspects arising thereof.
This is how I see things happening in the digital banking space with regard to use of EVA. I believe that the Banks will have to gain practical deep insights while making use of such EVA in order to provide a personalised and simple banking user experience. I am of the opinion that Banks should be mindful of these aspects and cannot afford to brush these below the carpet given the mass migration of digital banking services.