Page 96 - ITU-T Focus Group Digital Financial Services – Recommendations
Title of recommendation: Identifying data privacy and protection issues
Working Group/Work Stream: Consumer Experience and Protection
Theme: Data protection
Audience for recommendation: Regulators
Regulators should seek to understand data privacy and protection issues of consumer data and personal
information associated with DFS products and services in their markets, through regular consultations with providers,
consumer groups, and other stakeholders. Regulators should identify provisions in their existing legal and
regulatory frameworks relevant to data privacy and protection for DFS, identify gaps, and develop an action plan to
progressively strengthen data privacy and protection and minimize adverse consequences for consumers.
With the rapid growth of DFS, DFS providers are collecting an unprecedented quantity of personal information
from and about consumers, including transaction details and amounts, payers/payees, and the parties’
locations. Providers are beginning to utilize this data to offer products and services, such as by using algorithms
to determine a customer’s creditworthiness.
The growing collection and use of data in DFS makes it critical for regulators to better understand the related
data privacy and protection issues in their market. To do this, they should consult with DFS providers under
their supervision as well as with representatives of industry, consumers, and other DFS stakeholders. They
should seek to understand the ways data is being used, current provider policies and practices with regard
to data, and the potential risk and harm that could come from poor data practices.
Regulators should also seek to understand the attitudes and preferences of consumers in their jurisdictions.
For example, research shows consumers generally view their financial information as being sensitive [56] and
have concerns about how their personal information will be used and shared, fearing it could expose them to
identity theft, embarrassment, and tax or criminal liability. In addition, consumer attitudes differ by country.
ITU research showed, for example, that Ghanaians and Filipinos are much less willing than Tanzanians are to
share their data to access a loan.
As a first step towards regulating and enforcing good data privacy and protection practices, regulators should
survey relevant provisions or authorities in their existing laws and regulations. Many countries that do
not have a central data authority or comprehensive data protection law do have data-relevant provisions
dispersed throughout other laws or regulations, such as in bank secrecy and credit reporting laws. For instance,
Tanzania’s Banking Act prohibits unauthorized disclosure of transaction information [57] and Kenya’s Central Bank
credit reference bureau regulations require that credit bureaus protect the confidentiality of customer data. [58]
Regulators can use this review to identify which regulatory tools are available and where there are gaps in
their authority.
Because DFS touch on many regulatory areas including telecommunications, financial services, competition,
consumer protection, and data protection, country regulators should also consult with each other to develop
a coordinated regulatory approach. As an example, in Tanzania, both the banking laws (as noted above) and
the telecommunications regulations restrict the disclosure of customer information. Because DFS may occur
over mobile devices that connect to financial institutions, the responsibility for providers’ handling of customer

[56] Costa, A., Deb, A., Kubzansky, M., Big Data, Small Credit, The Digital Revolution and Its Impact on Emerging Market Consumers
(2015) https://www.omidyar.com/sites/default/files/file_archive/insights/Big%20Data,%20Small%20Credit%20Report%202015/BDSC_Digital%20Final_RV.pdf
[57] Act Supplement, The Bank of Tanzania Act, 2006, http://www.bot.go.tz/AboutBOT/BOTAct2006.pdf
[58] Special Issue, Kenya Gazette Supplement No. 3 (2014) http://www.ciskenya.co.ke/sites/default/files/The%20Credit%20Reference%20Bureau%20Regulations%202013.pdf