Page 60 - ITU-T Focus Group Digital Financial Services – Consumer Experience and Protection
P. 60

ITU-T Focus Group Digital Financial Services
                                               Consumer Experience and Protection



               Notification by customers is a crucial precondition for providers to address cases of fraud. Agreements specify,
               for instance, that customers will be held responsible for transactions conducted without their authorisation
               unless they bring this fact to the attention of the provider. Even where customers provide notice of fraud,
               provider obligations only kick in after they receive such notices, with a disclaimer of liability for any losses or
               damages suffered by customers prior to such notifications.

               2.2.2   Third party sharing

               Data privacy and protection is another key area of concern. The results from the review show that 83 per cent
               of the contracts reviewed had clauses that permit the provider to share information with third parties, such as
               credit reference bureaus, law enforcement agencies (both domestic and international), regulators, provider
               agents, lawyers, auditors, and subsidiaries.

               Sharing of customers’ personal information is also permitted in some cases “for reasonable commercial
               purposes related to the provision of services”. This very vague phrasing may give providers room to share
               with undisclosed categories of third parties, raising customer privacy concerns.

               Figure 2: 3  party sharing
                        rd






























               Third party sharing is especially a concern because providers in some jurisdictions have sold sensitive customer
               personal information, including financial information.

               Management of issues of privacy and data protection by customers is further complicated because many
               countries on the African continent lack specific data protection legislation. As a result, customers in a
               majority of these countries have to rely on provisions contained in various pieces of legislation that may not
               comprehensively protect them. See also Box 3, which is an example of a clause from a user agreement that
               may fall short of legal requirements in the jurisdiction.


















                52
   55   56   57   58   59   60   61   62   63   64   65