In many emerging economies, one of the challenges of issuing loans is the lack of consumer credit scores. Technology and innovation are helping to address this by using the Big Data generated by consumers’ use of mobile phones to estimate credit risk and determine an appropriate loan size. A critical element in this innovation is understanding consumers’ perspectives on the use of their data, the concerns they may have about the privacy of their data, and whether they are comfortable with their data being used for such purposes.
Informed consent, in which consumers are given the opportunity to grant or deny the use of their data, has traditionally been used to help protect consumers—those concerned about the use and privacy of their data can simply select “deny.” However, there are big questions about the effectiveness of informed consent. Do consumers understand what they are consenting to? Are they willing to deny consent if it means they lose access to the product or service? Can informed consent be implemented in a way that works as an effective protection tool for consumers in developing economies?
To begin answering these questions, CGAP conducted a research study with First Access, a firm that uses data analytics to analyze the creditworthiness of microfinance loan applicants in Tanzania. First Access wanted to conduct consumer research to develop an informed consent process that would better inform and protect consumers. Working together, we used a two-stage research approach. First we conducted 24 in-depth interviews to explore consumers’ take on privacy in their lives in general, as well as their understanding of mobile data and its uses and their thoughts on data privacy. We then conducted 8 follow-on focus groups, with a total of 64 consumers, to explore these issues further and to lab-test informed consent approaches.
The initial interviews showed that consumers were very interested in both the way their mobile data could be used in loan determination and in the privacy of their data in that process. In the consumer’s mind, these two issues were strongly related, and therefore we determined that informed consent messages would need to address both.
We then developed a series of SMS messages that would allow consumers to grant or deny the use of their data or provide them further information if desired. SMS messages are First Access’ preferred method for informing consumers because they are fast, efficient, and do not require the presence of a microfinance loan agent or other individual to provide materials in person. However, based on the initial interviews, we determined that some consumers would want more information than could be provided in an SMS message. Therefore, we also created a printed brochure to test with the focus groups. We tested these messages and the brochure live in the focus groups, beginning with this initial SMS message:
“This is a message from First Access: If you just applied for a loan at Microfinance Bank and authorize your mobile records to be included in your loan application, Reply 1 for Yes. Reply 2 for More Information. Reply 3 to Deny.”
Most participants chose “More Information,” because they wanted to better understand the use of their mobile data in the loan application process. We then tested the following two messages, to see if these provided the kind of information consumers were seeking:
2a. “This is a message from First Access: Mobile phone records are information captured when you use your phone, including phone calls, SMS, airtime top-up, or a mobile money account. Questions? Call First Access 12345678.”
2b. “This is a message from First Access: First Access ONLY uses your mobile phone records to make a loan recommendation to lenders. We NEVER share personal information with anyone. Questions? Call First Access 12345678.”
Responses to 2a were mixed, with nearly half of respondents indicating that they strongly understood mobile phone records after reading the message, about half expressing concerns about data privacy, and only five out of the 64 still being completely unclear on the concept. Those who remained concerned about privacy said things like, “I don’t want my records to be seen”, “my SMS conversations will be tracked,” and “I will not have privacy on my phone, everything I do will be captured.” After receiving this message, 35 out of the 64 participants said they still wanted more information.
Message 2b explained that First Access would keep the data private and not share it with anyone. Nearly all participants understood this message. Participants also said this message helped them understand how their data would be used—by explaining that First Access would make a loan recommendation to lenders. This helped them feel more comfortable with the process.
Finally, we tested the simple, printed brochure, which explained in more detail the way First Access works with microfinance lenders, the kinds of mobile phone records that would be used, and the ways the data are kept safe. The details on data privacy measures, as well as on the loan process, dominated consumers’ attention. They also found the additional information on the data itself helpful and appreciated the contact information for First Access, which was provided for further follow-up.
From testing these communication channels (SMS messages and printed brochure), we saw that consumers can gain basic understanding of concepts of Big Data and data privacy from simple messages. We found that consumers want to understand the process of data use, not just privacy measures that are in place, and therefore more than one SMS will likely be needed to cover multiple concepts. Follow-up information, such as additional SMS messages, informational brochures, and a call center number for answering questions are promising ways to provide further information. Ultimately, however, we also found that, for most consumers, the need for a loan supersedes their concerns about information and privacy. Participants said that if granting the use of their data made it more likely that they would receive a loan, then they would allow the use of their data even though they had limited understanding of how the data would be used. This indicates that informed consent alone is likely insufficient to protect consumers from the use of their data and that other measures, such as industry standards, may be needed to ensure the proper use of Big Data.
Read the paper Informed Consent: How do We Make it Work for Mobile Credit Scoring at CGAP.org.