Bangladesh Pottery Worker, Photo by Junaid Uddin Ahmed, 2012 CGAP Photo Contest Photo by Junaid Uddin Ahmed, 2012 CGAP Photo Contest

New Approaches to Data Privacy and Protection

As digital technologies spread rapidly throughout the developing world, more and more poor people are creating digital footprints. Financial services providers are using these data trails to build their customer base and develop new products that better serve the needs of the poor. But the lack of regulatory checks on how companies can use personal data increasingly exposes people in low-income countries to risks, such as data abuse and cyber crime. Furthermore, CGAP has found that the poor value privacy and are willing to pay for it. However, most countries rely on the Western model of individual consumer consent for data usage, a system that is increasingly unrealistic. Research shows it would take the average person 76 days to read all the data disclosures. In countries where literacy rates are low, language barriers high, and connections unreliable, customers are even less able to give informed consent.

CGAP has concluded that the consumer consent model is broken. New approaches to data privacy and protection are needed. As emerging and developing economies transition toward digital economies, they urgently need to adopt realistic policies that shift more responsibility on providers to safeguard consumers and build trust in digital products. In doing so, they have a unique opportunity to construct modern data protection and privacy regimes that are fit for the future. Now is the time for a dialogue about how data can best serve the interests of poor people.

Click on image to view full infographic


The content below provides more information about how poor people’s data can be protected and used for their benefit.

Policy Solutions

It’s time to shift the onus from the consumer and onto the provider for data protection. It is no longer viable to rely on consent to protect consumers’ data. In addition, new mechanisms can be created to facilitate consumer access to their own data and empower them to easily and quickly move their data from one provider to another.

India. Photo by Sudipto Rana, 2014 CGAP Photo Contest
Publication

As more and more people begin to conduct transactions online, questions have emerged about how to provide millions of customers adequate data protection and privacy. India's solution to this challenge is account aggregators (AA).
Photo by Geoffrey Buta, 2018 CGAP Photo Contest
Publication

The consumer consent model for data privacy and protection is broken. It’s time for a new data paradigm whereby financial services providers and data collectors take greater responsibility for protecting customers’ data.
Business Value

Behavioral testing of poor consumers in Kenya during COVID-19 showed that, despite extraordinary financial stresses, half were willing to pay a premium for data protection for small loans. These findings are consistent with pre-pandemic experiments from India and Kenya that indicated that poor consumers value data privacy and are willing to pay for it. This demonstrates that data privacy could give businesses a competitive advantage.

Blog

Research in Kenya shows that low-income borrowers value data privacy so much that most are willing to pay higher interest rates for better privacy protections, even during the COVID-19 pandemic.
Photo by Rokonuzzaman Khan
Publication

Do poor customers value data privacy? Six experiments in India and Kenya indicated they do and are willing to pay for it. For providers, this suggests that offering products with privacy and protection features can give them a competitive market edge.
Cyber Protections

Emerging economies are increasingly vulnerable to data fraud, scams and cyber attacks. More people are turning to digital financial transactions amid COVID-19, and the pandemic is underscoring why strong cybersecurity is essential. However, many providers lack the capacity to manage the risk. In response, CGAP encourages financial sector stakeholders pool their resources to establish shared, regional cybersecurity resource centers.

Photo by Shafiqur Rahman, 2016 CGAP Photo Contest
CGAP Background Document JULY 2020

Cybersecurity Resource Centers for the Financial Sector: A Proposed Business Concept

This slide deck lays out a proposal for how multiple countries in a region could pool resources to create shared cybersecurity resource centers that benefit from economies of scale.

CGAP Background Document NOVEMBER 2019

Cyber Security for Mobile Financial Services

The paper shares trends, challenges and examples of governments, industry initiatives and public-private partnerships that are taking steps towards addressing capacity and resource gaps in the sector.

Additional Resources
Podcast

CGAP's privacy and consumer financial services expert David Medine discusses the risks that millions of low-income consumers face in developing countries as they start using digital financial services
Blog

Here are four things the development community can do to improve cybersecurity as digital financial services expand in developing countries.
Blog Series

Data generated by low-income consumers’ use of mobile phones and digital financial services can help expand financial inclusion, but its use can also result in the loss of privacy and other harm. These benefits and risks will be explored in this data protection blog series.

WEBINAR 13 JUNE 2019

Beyond Consent: Why New Approaches to Data Protection and Privacy are Needed in the Digital Age

CGAP analyst David Medine and Renuka Sane, finance professor at the National Institute of Public Finance and Policy in India, provide evidence that the consumer consent model is broken and explain why a new data paradigm is needed, one that puts more responsibility on the service providers instead of consumers.
 

WEBINAR 15 OCTOBER 2018

Cyber Security for Mobile Financial Services

CGAP experts Paul Makin and David Medine introduced key vulnerabilities in mobile financial services that expose poor people to fraud and suggested countermeasures to address data security.  See also the blog and slide deck.