What If Poor People Do Care about Privacy of Their Financial Data

I appreciate Rafe and Sarah’s post on this blog which discussed the connections between financial innovation and customer data privacy and security. I work on responsible finance at CGAP and think that this is a really important conversation. It is also one that would benefit from better data and a more refined framework of potential benefits and risks, which would help us judge developments in the markets based on “digital footprints” and the case for or against policy and regulatory responses.

Digital footprints are a brand-new topic for us and we would really like to hear from you with your views on the different issues raised around data handling, security, ownership, and privacy.

I’d like to weigh in with four questions and comments:

Impact of consumers’ data and privacy concerns on their uptake of innovative services

In the previous blog post, Sarah asserts that the vast majority of low-income consumers in developing countries would welcome the kind of targeted advertising and products that data mining would enable. Rafe says he’s not so sure if this is true, and even if it is, he questions whether it is a good thing. At some level, this seems to me to be an empirical and hopefully testable question.

Do base-of-pyramid consumers value privacy of their financial data? Do they worry about how their data is being handled (or might they worry if they had a way to know how it is being handled)? Might these concerns even help explain the at-times disappointing uptake we are seeing for innovative financial services and delivery channels? Rather than trying to persuade each other that one view or another is better, it would be great to have insights from on-the-ground research as to whether lower-income consumers do care about who can see their data (government security body, tax authority, retailer, neighbor who owns the corner convenience store or airtime distribution business, etc.) and how it is used. The answers are likely to vary a lot from place to place. As Sarah points out, we’d need to be careful to design the questions in ways that balanced potential benefits and risks/costs. Some of the answers might surprise us and they would certainly shed light in finding service offerings that balance consumer and provider interests, as well as informing proportionate regulatory responses.

Don’t we need to know more about both the demand and supply sides of this issue?

I’m uncomfortable with the implicit assumption that “privacy and strong data security are luxuries that may matter to us but the poor cannot afford.” Before we move forward on this assumption, I’d like to see us make a real good-faith effort to come up with workable models of informed choice, whether opt in or opt out. We are already making progress on this in the context of credit information sharing. It would be good to reflect on this experience so far. Don’t we need more evidence as to whether and how informed choice is posing barriers in this area and other efforts to commercialize consumers’ data for mining and cross-selling purposes?

We need to test the demand side of this – can it be made to work effectively and meaningfully with the types of consumers who are the focus of financial inclusion efforts? I suspect that there might be some relevant lessons already out of initiatives such as the Smart Campaign (www.smartcampaign.org ), which addresses this concern as one of 7 core client protection principles for the microfinance sector. And we need to test what are the actual consequences on the supply side, in terms of cash costs of compliance for providers under an “informed choice” rules regime and other implications for the viability of their business models. Sarah raises important concerns, but I’d like to see more specificity as to the chilling effect that some basic rules would have on innovation around use of digital footprints.

If it proves workable, is informed choice a good starting point for “proportionate” policy responses?

Remember, the basic concept of “proportionality” is actually to identify and balance potential benefits, costs, and risks, and then to do a reality check on what can be implemented given regulatory and supervisory capacity. Personally, I would not consider some basic ground rules around data handling and security to be “drastic” consumer protection measures and I think they might be consistent with a proportionate approach. Furthermore, I would bet that sometimes it is better to lay out simple rules early and permit innovation to develop within that context, rather than having to retrofit protections for consumers afterwards into a rapidly-innovating market with many business models, once problems have cropped up.

We look forward to your comments on this issue. Do any of you researchers or providers have insights from your experience in the field about whether and how lower income and less experienced consumers think about how their financial service providers handle their data, and how it might be affecting their behavior in taking up new (or for that matter, conventional)  services? What is the perspective of providers who are seeking to use non-traditional data for targeted marketing or cross-selling of services? And feel free to share your own personal views of the practical and ethical considerations we should take into account in the future in balancing potential trade-offs.

--------- The author leads the responsible finance agenda at CGAP