Page 98 - ITU-T Focus Group Digital Financial Services – Recommendations
P. 98

ITU-T Focus Group Digital Financial Services
                                                      Recommendations







                Title of recommendation       Informed consent on data collection and use
                Working Group                 Consumer Experience and Protection

                Theme                         Data protection
                Audience for recommendation   Regulators





                Regulators should require DFS providers to provide clear, conspicuous, and understandable informed consent
                with all DFS, so that customers appreciate what data is being collected; how it may be used; whether it will be
                disclosed to third parties and, if so, which parties and for which purposes; how long it will be retained; whether
                it will be disclosed for legal or public interest reasons (such as to the government for criminal or tax related
                investigations), and what options customers have if they believe their data has been improperly accessed or
                used. Regulators should also require DFS providers to obtain specific consent for each type of data use or sharing
                including when such information is being sold or shared with a third party for a purpose unrelated to the original
                transaction.

               There is a growing international recognition of the importance of data protection as a component of DFS and
               mobile transactions.  For instance, GSMA has developed a set of mobile privacy principles  that promote
                                                                                             59
               consumer privacy in the mobile ecosystem. On the governmental level, the European Union has recently
               adopted a General Data Protection Regulation that emphasizes key components of data protection, making
               them generally applicable across industry sectors.  One of the BTCA’s Responsible Digital Payments Guidelines
                                                                                                         46
               calls for the protection of clients’ digital data.  The Payment Aspects of Financial Inclusion (PAFI) states that
               a “lack of clarity regarding what can be disclosed, and to whom, may deter the use of a payment service by
               some potential customers.”  The United Nations Guidelines for Consumer Protection  calls for the “protection
                                                                                     60
               of consumer privacy and the global free flow of information.”

               In addition, new research commissioned by the ITU shows that half of DFS customers in Ghana, Tanzania, and
               the Philippines think DFS providers or agents could use their personal information to harm them. In the same
               study, more than half in each country expressed concern about advertisers using their data.

               In keeping with emerging data protection principles, there are several steps regulators should take to protect
               DFS consumers.  First, consumers should be given clear, conspicuous, and understandable disclosures so
               they understand what data is being collected from them, how that data will be used, what choices they
               have regarding such uses, how long their information will be retained, and whether their information will be
               disclosed to third parties.  This information could help empower those consumers to make informed choices
               about the handling of their personal information.  Given the display limitations on devices often used to access
               DFS, and low literacy levels of some users, this may be challenging, but research has shown  that simple
                                                                                              61
               explanations and informational brochures can help customers understand data use. Regulators and providers
               can use consumer research to test different disclosure options can help identify the most effective mechanisms.

               In addition, it is important for consumers to be informed about certain provider policies and practices, including
               the policies for selling data to third parties. One way to reduce risk and empower customers is to require
               that providers obtain separate consent for each instance of data sharing or selling, allowing the customer to
               decide when the benefits of sharing personal data will outweigh the risks. Consumers should also be informed
               of provider policies for sharing data with government entities, such as law enforcement and tax authorities.
               And, regulators should require that providers inform customers of their ability to access, dispute, and have


               59   GSMA Privacy Principles, Promoting Consumer Privacy in the Mobile Ecosystem (2016) http:// www. gsma. com/ publicpolicy/ wp-
                  content/ uploads/ 2012/ 03/ GSMA2016_ Guidelines_ Mobile_ Privacy_ Principles. pdf
               60   United Nations Guidelines for Consumer Protection (2016) http:// unctad. org/ en/ PublicationsLibrary/ ditccplpmisc2016d1_ en. pdf
               61   Mazer, R., Carta, J., Kaffenberger, M., Informed Consent: How do we Make it Work for Mobile Credit Scoring? (2014) http:// www.
                  cgap. org/ sites/ default/ files/ Working- Paper- Informed- Consent- in- Mobile- Credit- Scoring- Aug- 2014. pdf



                92
   93   94   95   96   97   98   99   100   101   102   103