Why Do Small Firms Stay Small?

By Aryasilpa Adhikari, IFMR Capital 

In India across various industrial and trading clusters, small scale manufacturers and traders use manufacturing methods aided by simple tools and technology, basic machines (usually old-reused machines which have outlived their useful life) and low skilled labour to produce and trade goods that get either locally consumed or form a part of the larger OEM[1] value-chain as part manufacturers. These businesses are generally very small, employ less than 6-7 people (low-skilled) and usually offer reasonable income to its owners. While proliferation of a number of smaller businesses opens up employment opportunities, avenues for cheaper “Cost of goods sold”[2], and indicates a thriving and growing economy, empirical research[3] across the world has suggested that the spurring up of tiny units of manufacturing is less likely to promote a stable and resilient economy as compared to a developmental model driven by medium scale manufacturing enterprises.

For a growing and rapidly industrialising economy, the proportion of small to medium scale enterprises is always in flux. A mix more inclined towards medium scale enterprises will ensure absorption of unskilled workers, better capital productivity and technological efficiency[4]. Theory and experience from other developing and industrialised countries have suggested that firms should be encouraged to grow beyond the micro-enterprise level to enable the manufacturing sector to generate employment, to produce efficiently and to trigger technological development. In spite of a strong case for promoting medium scale enterprises and Government of India’s consistent push for the SME sector (in the form of fiscal packages and policy reforms), small and micro enterprises still form a whopping 96% of total registered MSMEs in India[5]. Most businesses start and remain very small.

This post highlights the reasons for the firms staying small based on anecdotal evidence, commonality and trends observed among smaller firms. The methodology used is direct observation, conversations and in-depth interactions with small and micro-business owners (90 firm owners) across 8 states of India in their major industrial and manufacturing clusters. The subsequent sections will highlight major trends exhibited by small enterprises and factors that determine such behaviour and trends.

For the purpose of clarity, this post defines an enterprise as small on the basis of (a) number of workers employed – usually six or less, and (b) annual turnover less than INR 40 Lakh (INR 4 million).

Commonalities observed among small business owners:

Irrespective of nature of product, profitability, business vintage, industry and even geographies the small businesses operate in; they exhibit strikingly common characteristics in terms of their choice of labour-mix, place of production, machine, product offering, supplier selection, bargaining ability, pricing decisions, market discovery ability and risk appetite. While the labour-mix, place of production and low capital intensity offers small firms the power of flexibility to survive uncertain business environments, poor bargaining capability, low risk-appetite, weak market outreach and a non-existent control over pricing decisions, act as constraints for small firms to grow.

Small firms usually have low-paid or unpaid labour and mostly follow a family organisational pattern. The women folk of the households usually double-up as unpaid labourers, offering the flexibility of reduced wage costs to the firm. This pattern is overwhelmingly prominent in firms that use rudimentary production technology and techniques that are transferred across generations. For instance, hand block print textile firms and lac-bangle-making units in Jaipur, rugs and carpet manufacturing units in Panipet rely heavily on low-paid and unpaid labour, usually the women folk of the household.

A majority of small firms usually operate from free or in-expensive workplaces as these are places of business activity and production. Many firms find it convenient to incur and absorb additional cost for transportation of finished goods to buyer locations instead of producing in a costly near-to-buyer location – A case in point being the number of very small firms spread across the outskirts of the Pitampura industrial hub in Indore or in the outskirts of Hosur industrial zone producing exactly the same products as that of the units located within the zone, but with the added cost-advantage. These units dodge the high rental expense and offer the cost-advantage proposition to buyers.

Most of the small firms have exhibited low level of capital investment. They tend to operate with simple tools and equipment for production, which means lower fixed costs and lower maintenance costs. Investments in bigger machines would require significant capital, skill upgradation and a strong visibility of order pipeline to attain the turnover that would economically justify capital-infusion. Firm owners usually track their capital investment vis-à-vis turnover. The decision to invest additional capital is triggered on the basis of visibility of order pipeline to achieve the turnover target. In the absence of any one of the above parameters, firm owners find it risky to invest in technology upgradation and tend to continue remaining small. Many small firm owners have confided that low physical capital helps them change their product mix to meet changing demand or input availability without worrying about the unutilized expensive equipment.

Smaller businesses or firms within an industry segment tend to produce identical or nearly identical products – both in terms of quality and design, without offering significant product differentiation. This has implications over the pricing power of the manufacturers (and subsequently on margins) as well. The buyers always command an upper hand in pricing in the absence of clear product differentiation. The shoe manufacturing cluster in Karampura prominently highlights this commonality of small firms. Taking a close look at the tiny-shoe manufacturing units in Karampura cluster, it will be extremely difficult to identify what differentiates one manufacturer from the other. Surprisingly all of the manufacturers supply to 3-4 buyers (middle-men) in the region. The firm’s ability to choose its own buyer is limited by the quality and quantity of output produced by the manufacturer (bigger buyer will buy from a relatively bigger manufacturer).

Small firms find it difficult to identify or discover markets beyond localised markets. This can be attributed to lack of information, both on part of consumers and manufacturers, to discover each other. It is difficult for consumers to learn about the existence and quality of different firms’ outputs. As a result, consumers often buy exclusively from a local producer, and producers sell mostly to local customers. The limited size of their potential customer base limits firms’ ability to grow[6]. A comparison of firm size and profitability of manufacturers in the Kolhapur and Karampura shoe clusters will prominently highlight the fact that market discovery beyond local markets has contributed significantly to the overall profitability and prosperity of Kolhapur shoe unit manufacturers.

Understanding the factors driving the commonalities:

Specifically addressing the question of “why do small firms stay small” and the reasons for demonstrating the common behaviour- a significant number of factors like lack of capital, lack of skill – technical and managerial, limited market availability, weak policy and infrastructure frameworks and low risk-appetites contribute to constricted growth. However, it was observed that it is primarily the risk management strategies of small firm owners (given all other factors kept unchanged or nearly stable) that prevents or augments the growth of small firm owners into medium scale enterprises.

On the basis of discussions with small firm owners who have been profitable for more than 2 years and have still remained small, it was found that they have invariably adopted risk-averse strategies of opting for a product line which promises lower certain returns as compared to a variable one with higher expected value from a new product line. Many firm owners clearly mentioned that their choice of business line or product mix is determined by the ability of the product to offer a minimum income to them. While a few expressed an intention to take their business to the next level, they were constricted by a lack of capital and skill. For instance, a first generation entrepreneur, whose business was in making automotive spark plugs, illustrated this point aptly. He wanted to purchase a new machine that would enable him to introduce a new product line for his 8 year old business. He had collected about INR 10 Lakhs from personal savings to purchase the machine. He required additional INR 8 Lakhs to set up the machine. However, he could not raise the additional capital and was forced to stay small.

Many small-firm owners have managed risk through flexibility – flexibility which is achieved through employing low-paid or unpaid labourers (in lean seasons, firm owners and labourers take up alternate income generating activities), working in inexpensive workplaces (reduces the overhead expenses during lean periods), flexibility in level of capital deployed. On the basis of discussions with collection executives for various financing companies who deal with recovery from stressed firms, it was found that small firms invariably fall into financial stress when they compromise on capital-flexibility – if a significant chunk of capital is blocked at the firm level and it is unable to generate the expected return, firm profitability plunges. However, businesses with higher vintage are better placed to invest capital in business, mainly because of strong networks built over a period which would ensure better order visibility.

The risk appetite of small firm owners has also engendered an inertia against moving to new product lines and venturing into new markets or unknown geographies. Many businesses clearly stated that growing to a medium scale enterprise will force them to be compliant with various regulatory requirements and hence, they find little incentive to expand beyond the “small-firm”. Instead they find it more lucrative to open/invest in a second small business or purchase an asset which would offer economic security in the event of failure of the first business. For instance, a classic example of this behaviour was observed in Mr. Durgalal (name changed), a stone carving firm owner in Jaipur, who insisted that he would prefer to remain an owner of a 4-member labour team and buy agricultural land instead of investing capital in buying new machines for stone cutting or securing labour advance. Small firm owners resort to livelihood diversification instead of investing in the same business.

While intuitively the risk management strategies adopted by small-firm owners, safeguards them from uncertainties of the business environment, at a broader macro-economic level, the larger goals of employment generation and efficient production remain unachieved. The true benefits of a growing economy will be realised when the proportion of medium scale enterprises increases and this shift would require targeted and specific strategies that would address the risk-concerns and risk-response of small firm owners.

[1] Original Equipment manufacturers

[2] Cost of goods sold (COGS) is the direct costs attributable to the production of the goods sold.

[3] The Growth and Decline of Small firms in Developing Countries by Alex Coad, Jagannadha Pawan Tamvada; An Analysis of Small Business and Jobs by Brian Headd, Success in Small and medium scale enterprise: the evidence from Columbia by Cortes, Mariluz; Berry, Albert; Ishaq, Ashfaq, Risk and growth in Nairobi’s small scale manufacturing by McCormick, Dorothy

[4] Risk and growth in Nairobi’s small scale manufacturing by McCormick, Dorothy

[5] Annual Report by Ministry of MSME 2015-16, 2017

[6] Information, demand and the growth of firms: Evidence from a natural experiment in India by Robert Jensen, Nolan Miller


Policy Directions for a Modularised and Well-Functioning Financial System

By Deepti George, Dvara Research

In our concluding blog post in the series on the conference we recently hosted, we attempt a synthesis of the big pertinent questions that emerged from the discussions.

The Conference noted that in financial regulation, there are certain non-negotiable principles from a regulator’s point of view namely: financial stability, AML (Anti-Money Laundering) requirements, customer fair practices, depositor protection, and institutional neutrality. However, flexibility is afforded for aspects such as micro-prudential regulations, activities undertaken, product types, ownership rules and customer interfaces. These would apply to the modular world just as it did for the non-modular world even while there was acknowledgement that the former is exposed to a whole new set of risks as elucidated in the previous posts. Currently, in context of financial products, Indian regulations employ a range of tools designed to protect consumers ex-ante, such as product design regulations, disclosure and incentives regulations and codes of conduct. However, with respect to consumer data, limited and ineffective regulations exist, driven by the Information Technology Act 2000[1] and with additional limited data protection regulations prescribed by each financial sector regulator.

We discuss below the broad themes that emerged from the Conference and which would benefit from further exploration both in terms of research and policy priorities:

1. How do we design strong data protection regulations in financial services?

The protection of individuals’ privacy is a policy goal as important as financial inclusion. It was noted that privacy harms tend to be of a permanent nature and cannot be undone, therefore deferring them to later may not be the best policy response.

The sessions discussed regulatory mechanisms to protect consumers from data harm. While India’s data protection legislation is still in the making, most of the principles of existing data protection regulation are founded on the “notice” and “choice” model. They were created for the use case where the data subject was physically handing her data over to the processor, with complete awareness of the content of data and the purpose of its collection, and she could exercise control over how much information she shared with the processor. However, there is growing consensus this model has become ineffective due to various reasons. In order to improve the data protection regime, there needs to be more research conducted to understand how individuals’ valuation of privacy needs to inform policy discourse. Unfortunately quite often this involves presenting dire trade-offs to consumers.

Therefore, more nuanced ways of framing questions around the value of personal information need to be designed.

  • How should the regulator design incentives for markets to adopt privacy enhancing techniques like privacy-by-design or privacy-by-default?
  • How does the financial regulator create greater standards for transparency and accountability in a modular financial system?
  • What are categories of data that firms engaging in financial services should not be allowed to collect or use for the design and delivery of products?

The Conference discussion predates the Supreme Court of India’s judgment[2] recognising a fundamental right to privacy guaranteed to all Indians[3], as well as the Report of the RBI Committee on Household Finance and the White Paper of the Committee of Experts of Data Protection, both of which underscore the importance of a robust framework for data protection.

2. How do we strengthen market conduct regulations in a modular financial system?

Conduct regulations have focussed on training, and adequate disclosures at the point of sale. There was broad recognition that current mechanisms have minimal efforts directed towards systematic detection of conduct violations. The use of disclosure was very important as a regulatory tool to achieve a “Do No Harm” outcome for the customer. However, it is perhaps a mediocre or even too low a bar to set for ourselves in terms of what financial services can achieve for the end customer. Even if customers may on average ‘learn’ to choose good products for themselves, those who cannot fend for themselves, ie, the ones at the ‘tails’ in the distribution are important from the point of requiring regulations to be protected. At the other end is ensuring that customers get provided with products that are ‘optimal’ for their financial lives. Aiming for a middle ground between these two extremes would be a good target to work towards for the financial sector. With the proliferation of different mediums and channels to engage and provide financial services, and the emergence of multiple players seated within each product delivery channel, there was a strong sense that the relevance of existing conduct regulations needed to be strengthened significantly.

However, market conduct does not have separate treatment by regulators, with the focus being on supervision of micro-prudential requirements, besides the extensive and wrongful prescription of such requirements to fix consumer protection problems. Existing market conduct regulations are most likely observed in institution-specific or product-specific or distribution channel-specific Fair Practice Codes rather than them being function-specific (such as for credit, insurance, savings and deposits, payments, investments, pensions), leading to regulatory arbitrage opportunities for market participants to tend towards setting up businesses under licenses that afford laxer regulatory treatment. This can be both between regulators as well as between different licensing arrangements or product-level regulations put forward by the same regulator. Therefore, the overarching question would be

  • What are conduct regulation tools that can be used in addition to the disclosure and consent model to ensure protection against unsuitable sale for the consumer?

The emergence of a modular financial system further exacerbates misconduct risk, as described in previous sections, and raises questions on assignment and enforcement of liability in the case of misconduct.

  • Are liability regimes feasible regulatory responses to the Modularisation in financial services? If so, how can we change the legal infrastructure to support the creation of a meaningful liability regime?

3. How do we design necessary and sufficient micro-prudential regulations for new entrants?

The application of the micro-prudential regulations has to be designed in a way that it minimises regulatory arbitrage between institutions providing similar functions such that it promotes competition between institutions. For example, it is worth questioning whether the micro-prudential tool of licensing in itself is required for all the different types of modular institutions described in the previous section. More efforts need to identify the principles that will further decide the regulatory requirements that will serve as ‘entry barriers’ to ensure viability and orderly development of firms and their ability to keep promises to their customers regarding the levels of business proposed by them when beginning operations.

Most modular entities can be summarised to fall into either of two buckets: Distributors and Manufacturers. Market conduct regulations would have to be applied in the case of any firm in the business of distribution in order to ensure to protect the consumer from the harms defined. Differential application of prudential regulatory tools would have to be applied based on the level and types of risks that are being housed by the firm. Micro-prudential regulations should be designed to maintain a pre-defined target probability of failure of regulated institutions. The smooth functioning of the resolution infrastructure of the country and the success of the IBC and the FRDI Act would be key to achieving this. The introduction of risk-based pricing of deposit insurance, which is yet to become a reality in India, would continue to be a bottleneck to achieving efficient resolution of banking institutions.

4. How do we improve ex-post consumer grievance resolution in a modular financial system?

Current architectures in financial services entail enforcement of customer protection primarily through ex-post grievance redressal mechanisms for each regulator and regulated institution type (case in point being there being no Ombudsman for complaints against NBFCs), and consumer protection forums/ courts. To the extent that systematic mis-selling or unfair contractual treatment of consumers goes undetected by consumers themselves, there are limited[4] supervisory efforts towards information gathering and analysis of conduct of financial services providers that is sufficient to serve as deterrent to institutional conduct malpractices. Depending on whom the duties to take enforcement measures exist, such powers are either not strong enough to have adequate teeth or have not been exercised in a strong manner (as is currently being exercised for prudential regulations).

The unified consumer redress of the Financial Redress Agency (FRA)[5], by design, provides a good solution to these problems above and needs implementation focus. Taking the redress function out of the regulator’s day-to-day focus can help the regulator focus and strengthen core functions using feedback from the FRA. Further,

  • How can technology be leveraged effectively to capture, channel and resolve consumer complaints, and be put to use by individual institutions and as supervisors?

The major challenges in order to collect consumer grievances were identified such as limited accessibility provided to grievance collection points, lack of transparency on the actions taken on the grievance and its eventual resolution. Some cases of using technology to resolve these issues were highlighted.

The firm that interfaces with the consumer would play the most important role in ensuring the resolution of the complaint. It would be the responsibility of the platform, for instance such as BankBazaar, to notify the relevant third party firm or manufacturer responsible for the processing of the payment or settlement of the insurance claim. However, there needs to be a lucid framework to assign liability across all the entities involved in the transaction.

5. How do we accurately measure systemic risk in a modular world?

The Conference saw a debate around whether or not Modularisation of financial services would indeed contribute to existing levels of systemic risk. There was broad consensus that, many of the functions that the new entrants are fulfilling do not particularly change the location of risks. Modularisation has enabled multiple access points for access to financial products. Given the increase in the number of firms providing more customised products, especially credit, there was a discussion around whether the increased number of originators would increase or decrease the concentration risk to particular customer segments. The larger question is on how the supervisory authority would effectively identify the sources of contagion risk and be able to measure systemic risk in a modular world.

The full Conference Proceeds can be accessed here.

[1] For a discussion on the efficacy of the Information Technology Act in the context of financial data, please see Electronic Financial Data and Privacy in India, IFMR Blog, December 23, 2016 (http://www.ifmr.co.in/blog/2016/12/23/electronic-financial-data-and-privacy-in-india/)

[2]  Justice Puttaswamy & Anr v. Union of India & Ors, ALL WP(C) No.494 of 2012 (http://supremecourtofindia.nic.in/pdf/LU/ALL%20WP(C)%20No.494%20of%202012%20Right%20to%20Privacy.pdf)

[3] A summary of the judgement and its relevance can be found at The Right to Privacy Judgment: Initial Reflections on Implications for Digital Financial Services, IFMR Blog, August 25, 2017 (http://www.ifmr.co.in/blog/2017/08/25/the-right-to-privacy-judgment-initial-reflections-on-implications-for-digital-financial-services/)

[4] A Brief Comparison of Ombudsman Frameworks, IFMR Blog, April 10, 2017 (

[5] Report of the Task Force on Financial Redress Agency, Government of India (http://dea.gov.in/sites/default/files/Report_TaskForce_FRA_26122016.pdf)


Customer Centricity Challenge

In February 2018, CGAP, SPTF, Leapfrog and Dvara Trust (formerly IFMR Trust) are organising a learning event on customer centric business models in Mamallapuram, Chennai, India. The event titled “Customer Centricity: Enabling Financial Choices and Positive Outcomes for Low-Income Customers” is intended to influence financial service providers, investors, and policymakers to adopt a business model that is based on understanding and serving the unique and diverse needs of low-income customers.

As part of the event, we are inviting entries for a contest on customer-centric business practices. The contest is intended to give financial service providers that have implemented innovative customer-centric solutions a platform to share their journey and ideate with key stakeholders from the sector. Winning entries will be showcased at the event that will also host donors and investors.

More details about the contest can be found here. The last date for receiving entries is Dec 8, 2017.


Concerns for Prudential Regulation in a Modular Financial System

By Nishanth K, Dvara Research

This post is part of our blog series on the Conference on Designing Regulations for a Rapidly Evolving Financial System hosted by Dvara Research.

In the previous blog post, we discussed about existing and new kinds of harms to consumers in a modular world, and consequently the need for consumer protection regulations to be strengthened in tandem with the trend of “Modularisation” in the financial system. This post deals with the concerns for prudential regulation in a similar environment.

Prudential regulation is commonly understood as capital regulation – regulation that requires firms to maintain adequate capital resources to ensure that there is no significant risk that its liabilities cannot be met. The primary function of a prudential regulatory framework, however, is to impose well-defined conditions for entry and propagation of activity by firms in the financial system. This should be done in such a way that there is a stable relationship between promoting competition and preserving consumer welfare and systemic stability. From the regulatory perspective, it is important that regulations are applied in a manner that is function-specific and institution-neutral in order to make sure competition in the market is sustained. Taking the example of credit intermediaries, several institution-types come to mind, that provide the function of credit intermediation, such as banks, NBFCs, and even Telecom companies through Direct Carrier Billing, and yet the manner in which some of the micro-prudential rules have been designed so far are inadvertently skewed against smaller institutions and certain institution-types.

Existing micro-prudential regulation design may provide an uneven playing field between incumbents and newer market players

Micro-prudential regulations typically concern with achieving a pre-defined target probability of default of regulated firms. The ‘probability of failure’ of firms is to be regulated, and the role of regulation is not to bring down the failure probability to zero but to make sure that the market is protected from unstable institutions while at the same time remaining competitive. Given that NBFCs are an early example of dis-intermediated institutions, it is important for us to consider the current regulatory landscape of NBFCs and understand anomalies if any. For example, Non deposit taking NBFCs (NBFCs-ND) provide credit intermediation functions similar to that of a bank without the acceptance of deposits. However, it has been the case that NBFCs have been prescribed capital requirements higher than those of banks. The design of these high capital requirements for NBFCs has been rationalised, for the most part, by the following:

  1. To protect the depositors of banks and the other creditors of the NBFC from the usually high levels of concentration risk.
  2. To compensate for the “lower touch”[1] regulations with regard to market conduct and consumer protection

In this case, the regulator should instead consider strengthening banks’ ability to assess the risk of lending to NBFCs and encourage risk-based pricing of funds as required. Stronger consumer protection and conduct regulations have to be developed and sufficient regulatory capacity should be created to enforce them instead of the ostensible use of micro-prudential regulations to solve a consumer protection problem. These high capital requirements have resulted in negative implications for the sector such as restricting credit growth and higher interest costs for consumers. It has also created an anti-competitive environment for NBFCs.

Existing regulatory frameworks may not completely capture new modular firms

Powerful tools such as licensing would need to be carefully applied as it can serve as the most critical barrier to entry. Regulatory framework should avoid taking a central planning approach while designing regulations for these newer entities with non-traditional business models. Regulatory design should consider whether the exact function of the modular firm justifies a need for regulatory oversight and if so, what the optimal channel to apply regulations is. Policy makers should not be considering details of or interfering with the kinds of business models as well as product-designs that should exist for the customers.

An instance of this is the regulation for Small Finance Banks (SFB) requiring them to originate 75% of their assets as Priority Sector Loans (PSL), a case of the regulator deciding the business models of regulated entities. The Revised Regulatory Framework for NBFCs[2] released by the RBI discusses the pre-conditions for the application of Prudential and Conduct Regulations. It is noted that prudential regulation, more specifically capital regulation, would apply to any NBFC that has access to public funds[3]. Conduct regulations would apply to any NBFC that has a consumer interface. This framework could be used as a base to identify the newer types of firms that would require prudential regulations. In many cases, the modularised entity providing an essential function while working with a bank or NBFC is covered by third party guidelines[4].

Measuring systemic risk becomes harder in the case of Modularisation

With the increasing number of participants in the financial services sector, and the increasing ease of manufacturing and delivering customised credit products for customer segments, it is likely that this could lead to a rapid expansion of credit in the economy. The increase in the availability of cost-effective delivery channels and better data-driven credit assessments might encourage lenders to concentrate on certain segments. It is likely that there is high concentration risk in particular customer segments such as urban salaried class who are currently experiencing the benefits of increased access to credit.

It could also be argued that the effects of Modularisation could bring down systemic risk as it would encourage lenders to diversify to segments that were traditionally neglected due to the lack of under-writable information. For example, better data driven credit assessments may be available on SMEs which may encourage banks and NBFCs to lend more to these segments. Hence, Modularisation could have an indirect positive or negative impact on systemic risk. It is important to now place special emphasis on employing tools to measure and understand systemic risks in the modular world.

It is thus evident that modularisation is going to have a significant impact on both micro and macro prudential risk in the financial system. Regulators would need to proactively anticipate these risks and design regulations accordingly.

In the concluding post of this series, we outline and briefly discuss the academic and policy research questions that emerged from the deliberations of the conference.

[1] Review of NBFC Regulatory Framework – Recommendations of the Working Group on Issues and Concerns in the NBFC Sector (https://www.rbi.org.in/scripts/bs_viewcontent.aspx?Id=2619)

[2] Revised Regulatory Framework for NBFCs, 2014, Notification, Reserve Bank of India (https://rbi.org.in/scripts/NotificationUser.aspx?Id=9327)

[3] ibid


Privacy on the Line: What do Indians think about privacy & data protection?

This post is authored by the Future of Finance Team at Dvara Research.

We met Sulekha[1] in a village in Uttarakhand. She was talking about the information she considered most important to her: her ration card, Aadhaar card, NREGA job card and her phone number. When asked how much she would sell this information for, she visibly withdrew saying she did not want any money for it. What would she need to share this information? She replied simply: a guarantee that it would not be misused.

Sulekha was one of the 50 people we spoke to as part of a small, deeply qualitative study on which the Future of Finance Initiative (FFI) at Dvara Research partnered with Dalberg Design and CGAP. We set out to understand: ‘how do ordinary citizens of India think and act on their privacy and data protection?’ Across four regions of the country (Maharashtra, Uttarakhand, Tamil Nadu and Delhi) we used the Human Centred Design (HCD) method to have discussions to understand not just what people say, but how they think, act and feel. The final report on the study is available here.

Our conversations in the field revealed that contrary to common perception, people in India care deeply about their personal data and privacy. Respondents were surprised that service providers could share their personal information with third parties and wanted to be informed of such sharing. People were also sensitive about sharing their personal data such as photos, messages and browsing histories—even with their family—and were unwilling to sell certain types of personal data like their telephone numbers.

Even the data that they were willing to share in order to receive services came with conditions. People wanted to know how their data was handled. They also, much like Sulekha, wanted an assurance from providers that no harm would come to them through the use of their data. Many of the interviewees recognised their inability to understand standard notice clauses and wanted more visual forms of consent that they could easily understand without relying on others.

Alarmingly, most interviewees had experienced fraud (especially via phone impersonators), and did not know how to protect themselves or seek redressal. Women, in particular, were highly vulnerable to reputational harms, and self-censored themselves (for example by not sharing phone numbers or photos) to protect themselves.

Although the government and its institutions inspired universal trust, people working in government institutions were not trusted with personal data – unless the employees came from the same community group or geographic area. Agents of banks and mobile network providers were also recognised as common perpetrators of illicit disclosures of personal data.

In cases where harm was caused to them as a result of a data breach, the respondents wanted easy access to seek redressal, and wanted to be compensated fully.

We heard individuals asserting their right to have their personal information treated responsibly. They indicated clear and strong preferences for a system that provides them agency and control over their data. Citizens at the grassroots want a data protection regime where providers are held accountable and are obligated to treat personal data responsibly.

You can read the full report here and watch the below video on the study.

[1] Name changed. Note: The details of the respondents in the main report were included with their permission and after informing them that a report would be released on this topic.