What If Poor People Do Care about Privacy of Their Financial Data

06 December 2012

I appreciate Rafe and Sarah’s post on this blog which discussed the connections between financial innovation and customer data privacy and security. I work on responsible finance at CGAP and think that this is a really important conversation. It is also one that would benefit from better data and a more refined framework of potential benefits and risks, which would help us judge developments in the markets based on “digital footprints” and the case for or against policy and regulatory responses.

Digital footprints are a brand-new topic for us and we would really like to hear from you with your views on the different issues raised around data handling, security, ownership, and privacy.

I’d like to weigh in with four questions and comments:

Impact of consumers’ data and privacy concerns on their uptake of innovative services

In the previous blog post, Sarah asserts that the vast majority of low-income consumers in developing countries would welcome the kind of targeted advertising and products that data mining would enable. Rafe says he’s not so sure if this is true, and even if it is, he questions whether it is a good thing. At some level, this seems to me to be an empirical and hopefully testable question.

Do base-of-pyramid consumers value privacy of their financial data? Do they worry about how their data is being handled (or might they worry if they had a way to know how it is being handled)? Might these concerns even help explain the at-times disappointing uptake we are seeing for innovative financial services and delivery channels? Rather than trying to persuade each other that one view or another is better, it would be great to have insights from on-the-ground research as to whether lower-income consumers do care about who can see their data (government security body, tax authority, retailer, neighbor who owns the corner convenience store or airtime distribution business, etc.) and how it is used. The answers are likely to vary a lot from place to place. As Sarah points out, we’d need to be careful to design the questions in ways that balanced potential benefits and risks/costs. Some of the answers might surprise us and they would certainly shed light in finding service offerings that balance consumer and provider interests, as well as informing proportionate regulatory responses.

Don’t we need to know more about both the demand and supply sides of this issue?

I’m uncomfortable with the implicit assumption that “privacy and strong data security are luxuries that may matter to us but the poor cannot afford.” Before we move forward on this assumption, I’d like to see us make a real good-faith effort to come up with workable models of informed choice, whether opt in or opt out. We are already making progress on this in the context of credit information sharing. It would be good to reflect on this experience so far. Don’t we need more evidence as to whether and how informed choice is posing barriers in this area and other efforts to commercialize consumers’ data for mining and cross-selling purposes?

We need to test the demand side of this – can it be made to work effectively and meaningfully with the types of consumers who are the focus of financial inclusion efforts? I suspect that there might be some relevant lessons already out of initiatives such as the Smart Campaign (www.smartcampaign.org ), which addresses this concern as one of 7 core client protection principles for the microfinance sector. And we need to test what are the actual consequences on the supply side, in terms of cash costs of compliance for providers under an “informed choice” rules regime and other implications for the viability of their business models. Sarah raises important concerns, but I’d like to see more specificity as to the chilling effect that some basic rules would have on innovation around use of digital footprints.

If it proves workable, is informed choice a good starting point for “proportionate” policy responses?

Remember, the basic concept of “proportionality” is actually to identify and balance potential benefits, costs, and risks, and then to do a reality check on what can be implemented given regulatory and supervisory capacity. Personally, I would not consider some basic ground rules around data handling and security to be “drastic” consumer protection measures and I think they might be consistent with a proportionate approach. Furthermore, I would bet that sometimes it is better to lay out simple rules early and permit innovation to develop within that context, rather than having to retrofit protections for consumers afterwards into a rapidly-innovating market with many business models, once problems have cropped up.

We look forward to your comments on this issue. Do any of you researchers or providers have insights from your experience in the field about whether and how lower income and less experienced consumers think about how their financial service providers handle their data, and how it might be affecting their behavior in taking up new (or for that matter, conventional)  services? What is the perspective of providers who are seeking to use non-traditional data for targeted marketing or cross-selling of services? And feel free to share your own personal views of the practical and ethical considerations we should take into account in the future in balancing potential trade-offs.


--------- The author leads the responsible finance agenda at CGAP



Submitted by kate mckee on
Peter and Chris -- Thanks for your comments. We would very much like to hear from others of you who have insights from the field, data, or useful concepts on the very important point that Chris Linder raises -- what are the specific privacy-related concerns of different segments of clients (or non-clients, to the extent that this is a barrier to uptake)? He reiterates a point that Sarah made in the kick-off post -- that different people will have different aspects of the data privacy/security/ownership/use bundle of issues that matter most to them.

Submitted by Peter van Dijk on
Thank you for raising awareness and discussion on this topic. If Microfinance is considered to be a potentially important tool for the sincere emancipation of low-income, marginalised citizens, then identification (registration of all citizens) and protection of civil rights, including all their data, take a central place. Considering the continuing difficulties of demonstrating evidence for the importance of Microfinance (apart from the "anecdotical" evidence), has the time not come to publicly question the social and democratic commitment of experts and MF promotors who state that “privacy and strong data security are luxuries that may matter to us but the poor cannot afford"? Chris' comment on poor people having to form groups to benefit from MF/MC (and the continuing hiding of common sense that group dynamics, including solidarity, change, often weaken over time) might also tell us something about the strong influence that the charity spirit still has on MF, preferring "caressing charity victims" and organising theatrical events where the anonymous, defenseless poor continue to be figurants, broadly smiling quiet ornaments. Thank you Kate, regards, Peter

Submitted by Chris Linder on
Hi Kate, Great post. I completely agree with you that we should ask if it is important - and after asking that question we should probably ask what does privacy mean to you? For us, privacy is more about not being exposed to thieves or internal staff fraudsters through the internet, the mail, or internal databases. For poor women clients, it may be that they do not want their husband or mother-in-law to know what they have saved. Or for youth clients, not wanting parents/"guardians" to know how much they have saved up - less they be asked to give it up. The answer may even - hold on to your hats - tell us that the group lending/savings model is not ideal to uphold this principal due to prying neighbors or over-powerful group leaders. It may have very little to do with how papers are shuffle and stored or security levels in the IT system are handled and much more about the very business model and how and where communication is handled.

Add new comment