As digital technologies spread rapidly throughout the developing world, more and more poor people are creating digital footprints. Financial services providers are using these data trails to build their customer base and develop new products that better serve the needs of the poor. But the lack of regulatory checks on how companies can use personal data increasingly exposes people in low-income countries to risks, such as data abuse and cyber crime. Furthermore, CGAP has found that the poor value privacy and are willing to pay for it. However, most countries rely on the Western model of individual consumer consent for data usage, a system that is increasingly unrealistic. Research shows it would take the average person 76 days to read all the data disclosures. In countries where literacy rates are low, language barriers high, and connections unreliable, customers are even less able to give informed consent.
CGAP has concluded that the consumer consent model is broken. New approaches to data privacy and protection are needed. As emerging and developing economies transition toward digital economies, they urgently need to adopt realistic policies that shift more responsibility on providers to safeguard consumers and build trust in digital products. In doing so, they have a unique opportunity to construct modern data protection and privacy regimes that are fit for the future. Now is the time for a dialogue about how data can best serve the interests of poor people.
The content below provides more information about how poor people’s data can be protected and used for their benefit.
Policy Solutions
It’s time to shift the onus from the consumer and onto the provider for data protection. It is no longer viable to rely on consent to protect consumers’ data. In addition, new mechanisms can be created to facilitate consumer access to their own data and empower them to easily and quickly move their data from one provider to another.
Business Value
Behavioral testing of poor consumers in Kenya during COVID-19 showed that, despite extraordinary financial stresses, half were willing to pay a premium for data protection for small loans. These findings are consistent with pre-pandemic experiments from India and Kenya that indicated that poor consumers value data privacy and are willing to pay for it. This demonstrates that data privacy could give businesses a competitive advantage.
Cyber Protections
Emerging economies are increasingly vulnerable to data fraud, scams and cyber attacks. More people are turning to digital financial transactions amid COVID-19, and the pandemic is underscoring why strong cybersecurity is essential. However, many providers lack the capacity to manage the risk. In response, CGAP encourages financial sector stakeholders pool their resources to establish shared, regional cybersecurity resource centers.
CGAP Background Document JULY 2020
Cybersecurity Resource Centers for the Financial Sector: A Proposed Business Concept
This slide deck lays out a proposal for how multiple countries in a region could pool resources to create shared cybersecurity resource centers that benefit from economies of scale.
CGAP Background Document NOVEMBER 2019
Cyber Security for Mobile Financial Services
The paper shares trends, challenges and examples of governments, industry initiatives and public-private partnerships that are taking steps towards addressing capacity and resource gaps in the sector.
Additional Resources
Data generated by low-income consumers’ use of mobile phones and digital financial services can help expand financial inclusion, but its use can also result in the loss of privacy and other harm. These benefits and risks will be explored in this data protection blog series.
WEBINAR 13 JUNE 2019
Beyond Consent: Why New Approaches to Data Protection and Privacy are Needed in the Digital Age
CGAP analyst David Medine and Renuka Sane, finance professor at the National Institute of Public Finance and Policy in India, provide evidence that the consumer consent model is broken and explain why a new data paradigm is needed, one that puts more responsibility on the service providers instead of consumers.
WEBINAR 15 OCTOBER 2018
Cyber Security for Mobile Financial Services
CGAP experts Paul Makin and David Medine introduced key vulnerabilities in mobile financial services that expose poor people to fraud and suggested countermeasures to address data security. See also the blog and slide deck.