Can banks really lock your mobile phone remotely for non-payment of EMI? Lawyers explain

The Reserve Bank of India (RBI) is reportedly planning to allow banks to remotely lock mobile phones purchased on credit if the borrower fails to repay the loan.

News agency Reuters reported recently that the RBI is planning to update its Fair Practices Code (FPC) in a bid to curb rising defaults in small-ticket consumer loans.

Under the revised FPC, the RBI may allow lenders to obtain explicit prior consent from borrowers before activating any locking feature/app on mobile phones bought on credit, according to the report.

Is it legally possible for any bank or statutory body to remotely lock a mobile phone? We spoke to four lawyers to understand the legal perspective on this issue. The article below explains what they said:

Current laws do not allow remote locking, but it is possible

The existing consumer protection laws, including the Consumer Protection Act, 2019, and the Information Technology Act, 2000, do not specifically address locking of mobile devices by financial institutions if borrowers default on loan repayments, according to experts.

Pranav Bhaskar, Partner and Head of Corporate Practice at SKV Law Offices, said, "Currently, no statutory body in India, including the Reserve Bank of India, banks, or any other financial institution, possesses the legal authority to remotely lock any citizen’s smartphone.

Shashank Agarwal, Founder, Legum Solis, said, "As of today, RBI or banks or any other statutory authority do not have any legal power to remotely lock people’s smartphones simply on default. Instead, the Information Technology Act protects tampering of electronic devices by any person remotely without the consent of the owner of such a device."

Aditya Chopra, Managing Partner, The Victoriam Legalis said, "RBI enjoys broad powers under the Banking Regulation Act, 1949, and the RBI Act, 1934, which bestow RBI with regulatory and supervisory powers over banking and non-banking financial companies in India. Nevertheless, the authority to access smartphones, to allow direct interference with the customers’ personal devices sails across murky waters and hence, merits an in-depth examination of multi-facet legal issues."

The practice of remotely locking a smartphone currently exists in a regulatory grey zone with no comprehensive legal backing. However, remotely locking the mobile phone is still possible

"The RBI itself had, in 2024, directed lenders to discontinue the practice of phone-locking of borrowers who default on their loan payment. However, the RBI, after consideration, is now preparing to reverse this position through amendments to its Fair Practices Code, with updated Guidelines expected to be issued in the coming months," said Bhaskar.

"In RBI’s Fair Practices Code, there exist provisions to the effect that the lenders can resort to repossession of the vehicle financed by them. Therefore, if similar clauses are put and the consumers are duly informed at the time of purchase of the phone and financing for the same, then that may enable the lenders to act accordingly and legally," said Agarwal.

Will it stand the test of law?

Saurabh Sharma, Partner at Juris Corp, said, "Till the time it is well-informed consent, there should not be any legal problem to implement remote locking of smartphones. This also depends on the terms and conditions agreed with the customer, where the lender may retain the title of the product, and which gives it the inherent title to take such action."

He further said that it is fair to expect that the central bank will provide necessary safeguards to avoid unnecessary or arbitrary usage of such a right by the lenders.

"Necessary arrangements should also be put in place as to how the personal data, including the sensitive data recorded in mobile phones should not be accessed by any third party before putting such a locking mechanism," said Sharma.

How can a phone be locked?

"Under the upcoming RBI framework, lenders will be permitted to employ device-locking applications only upon obtaining a mandatory prior consent from the borrowers. The proposed rules will strictly prohibit lenders from accessing personal data stored on locked devices, limiting their authority exclusively to rendering the phone temporarily inoperable," said Bhaskar.

Privacy concerns

Bhaskar said a significant concern centres on the fact that mobile phones constitute an essential infrastructure for the purposes of work, emergencies, accessing government welfare benefits, among other day-to-day needs.

Even though the mechanism of phone locking will work through a certified software installed during loan origination, capable of disabling devices without providing access to the data of the borrower, the potential risk of misappropriation of personal data of the borrowers remains.

"In the event RBI does introduce this practice of phone-locking of defaulting borrowers, it will have to ensure that the fundamental right to privacy under Article 21 of the Indian Constitution and data and consumer protection laws shall not be violated," said Bhaskar.

Chopra said the concern would not only be limited to cyber laws governed under the Information Technology Act, 2000, which deals with unauthorised access and data protection, considering such extensive power also crosses paths with one’s constitutional rights vested in the form of the right to privacy.

He pointed out that the Supreme Court in Justice K.S. Puttaswamy (Retd.) v. Union of India (2017) 10 SCC 1, had upheld the right to privacy as a fundamental right under Article 21 of the Constitution.

"Accessing an individual’s phone can give rise to multiple issues, including breaches related to privacy, confidentiality, and unauthorised access to sensitive information. This means that in case the RBI actually plans on having access to personal devices, it must not only involve explicit consent of the borrowers, but the authority would also have to satisfy the tests of legality and proportionality when gauged against the limitations of the Indian Constitution," said Chopra.