The role of financial market authorities has changed due to the growing datafication of securities market. The securities exchange board of India (SEBI) in India now heavily depends on the mandatory know your customer (KYC) regulations, centralized registries, transaction level surveillance, algorithmic trading oversights, and digital grievance redressal system, all of which entail the large-scale collection, processing, sharing, and retention of transactional and personal data. While these practices are justified in the interests of market integrity and investor protection, they raise significant legal questions in the context of the DPDPA, which establishes a comprehensive framework for personal data protection grounded in consent, purpose limitation, data minimization, the accountability. This article addresses whether SEBI’s data intensive regulatory framework effectively positions it as a de facto data regulator, given the absence of any explicit legislation stating the same. In addition to the DPDPA and the constitutional privacy jurisprudence under justice case K.S.Puttaswamy vs union of India, this article examines SEBI rules, circulars, and surveillance in systems using a doctrinal and analytical methodology. It illustrates how SEBI has functional authority over the data life cycle insecurities markets, leading to jurisdiction overlap and conflicts between data protection law and security regulation. This article makes the case that the DPDPA assumes regulatory coexistence without offering clear institutional hierarchy or conflict resolution procedures, therefore failing to effectively handle the function of sectoral regulators. This regulatory silence risks diluting investor privacy protection, increasing compliance uncertainty for intermediaries, and undermining constitutional requirements of proportionality and democratic accountability. This article suggests a harmonized regulatory structure that acknowledges SEBI functional data governance role while incorporating strong data privacy protections, drawing on limited comparative observations from the US and the UK. It concludes that an order to meet in both market integrity and constitutional legitimacy in India’s data driven financial ecosystem, it is imperative to explain the interaction between securities regulation and data privacy laws.