Page 96 - ITU-T Focus Group Digital Financial Services – Recommendations
P. 96

ITU-T Focus Group Digital Financial Services
                                                      Recommendations







                Title of recommendation       Identifying data privacy and protection issues
                Working Group/Work Stream     Consumer Experience and Protection

                Theme                         Data protection
                Audience for recommendation   Regulators





                Regulators should seek to understand data privacy and protection issues of consumer data and personal infor-
                mation associated with DFS products and services in their markets, through regular consultations with providers,
                consumer groups, and other stakeholders. Regulators should identify provisions in their existing legal and regu-
                latory frameworks relevant to data privacy and protection for DFS, identify gaps, and develop an action plan to
                progressively strengthen data privacy and protection and minimize adverse consequences for consumers.

               With the rapid growth of DFS, DFS providers are collecting an unprecedented quantity of personal information
               from and about consumers, including transaction details and amounts, payers/payees, and the parties’
               locations. Providers are beginning to utilize this data to offer products and services, such as by using algorithms
               to determine a customer’s credit worthiness.

               The growing collection and use of data in DFS makes it critical for regulators to better understand the related
               data privacy and protection issues in their market. To do this, they should consult with DFS providers under
               their supervision as well as with representatives of industry, consumers, and other DFS stakeholders. They
               should seek to understand the ways data is being used, current provider policies and practices with regards
               to data, and the potential risk and harm that could come from poor data practices.

               Regulators should also seek to understand the attitudes and preferences of consumers in their jurisdictions.
               For example, research shows consumers generally view  their financial information as being sensitive and
                                                              56
               have concerns about how their personal information will be used and shared, fearing it could expose them to
               identity theft, embarrassment, and tax or criminal liability. In addition, consumer attitudes differ by country.
               ITU research showed, for example, that Ghanaians and Filipinos are much less willing then Tanzanians are to
               share their data to access a loan.
               As a first step towards regulating and enforcing good data privacy and protection practices, regulators should
               survey relevant provisions or authorities in their existing laws and regulations. Many countries that - do
               not have a central data authority or comprehensive data protection law - do have data-relevant provisions
               dispersed throughout other laws or regulations, such as in bank secrecy and credit reporting laws. For instance,
               Tanzania’s Banking Act  prohibits unauthorized disclosure of transaction information and Kenya’s Central Bank
                                  57
               credit reference bureau regulations  require that credit bureaus protect the confidentiality of customer data.
                                             58
               Regulators can use this review to identify which regulatory tools are available and where there are gaps in
               their authority.
               Because DFS touch on many regulatory areas including telecommunications, financial services, competition,
               consumer protection, and data protection, country regulators should also consult with each other to develop
               a coordinated regulatory approach.  As an example, in Tanzania, both the banking laws (as noted above) and
               the telecommunications regulations restrict the disclosure of customer information.  Because DFS may occur
               over mobile devices that connect to financial institutions, the responsibility for providers’ handling of customer



               56   Costa, A., Deb, A., Kubzansky, M., Big Data, Small Credit, The Digital Revolution and Its Impact on Emerging Market Consumers
                  (2015) https:// www. omidyar. com/ sites/ default/ files/ file_ archive/ insights/ Big%20 Data,%20 Small%20 Credit%20 Report%202015
                  /BDSC_ Digital%20 Final_ RV. pdf
               57   Act Supplement, The Bank of Tanzania Act, 2006, http:// www. bot. go. tz/ AboutBOT/ BOTAct2006. pdf
               58   Special Issue, Kenya Gazette Supplement No. 3 (2014) http:// www. ciskenya. co. ke/ sites/ default/ files/ The%20 Credit%20
                  Reference%20 Bureau%20 Regulations%202013 .pdf



                90
   91   92   93   94   95   96   97   98   99   100   101