Bangladesh Pottery Worker, Photo by Junaid Uddin Ahmed, 2012 CGAP Photo Contest Photo by Junaid Uddin Ahmed, 2012 CGAP Photo Contest

New Approaches to Data Privacy and Protection

As digital technologies spread rapidly throughout the developing world, more and more poor people are creating digital footprints. Financial services providers are using these data trails to build their customer base and develop new products that better serve the needs of the poor. But the lack of regulatory checks on how companies can use personal data increasingly exposes people in low-income countries to risks, such as data abuse and cyber crime. Most countries rely on the Western model of individual consumer consent for data usage, a system that is increasingly unrealistic. Research shows it would take the average person 76 days to read all the data disclosures. In countries where literacy rates are low, language barriers high, and connections unreliable, customers are even less able to give informed consent.

CGAP has concluded that the consumer consent model is broken. New approaches to data privacy and protection are needed. As emerging and developing economies transition toward digital economies, they urgently need to adopt realistic policies that shift more responsibility on providers to safeguard consumers and build trust in digital products. In doing so, they have a unique opportunity to build modern data protection and privacy regimes that are fit for the future. Now is the time for a dialogue about how data can best serve the interests of poor people.


Click on image to view full infographic
Additional Resources

CGAP's privacy and consumer financial services expert David Medine discusses the risks that millions of low-income consumers face in developing countries as they start using digital financial services

Here are four things the development community can do to improve cybersecurity as digital financial services expand in developing countries.
Blog Series

Data generated by low-income consumers’ use of mobile phones and digital financial services can help expand financial inclusion, but its use can also result in the loss of privacy and other harm. These benefits and risks will be explored in this data protection blog series.


The Equifax data breach that exposed 145 million people's personal information holds two big lessons for developing countries: avoid centralized databases and let consumers control their own data.

Beyond Consent: Why New Approaches to Data Protection and Privacy are Needed in the Digital Age

CGAP analyst David Medine and Renuka Sane, finance professor at the National Institute of Public Finance and Policy in India, provide evidence that the consumer consent model is broken and explain why a new data paradigm is needed, one that puts more responsibility on the service providers instead of consumers.


Cyber Security for Mobile Financial Services

CGAP experts Paul Makin and David Medine introduced key vulnerabilities in mobile financial services that expose poor people to fraud and suggested countermeasures to address data security.  See also the blog and slide deck.