The keynote speaker at a recent EU conference on data protection and privacy, Apple CEO Tim Cook spoke surprisingly bluntly about the consequences of how data is being collected and used, and stressed an immediate need to enact data privacy regulation — at least in Apple’s home country — which would be on par with his host’s General Data Protection Regulation (GDPR) framework, enacted May 2018.
“Our own information, from the everyday to the deeply personal, is being weaponized against us with military efficiency,” he said. “Platforms and algorithms that promised to improve our lives can actually magnify our worst human tendencies. Rogue actors and even governments have taken advantage of user trust to deepen divisions, incite violence, and even undermine our shared sense of what is true and what is false.”
Cook reviewed the four rights that are articulated in the GDPR: First, the right to have personal data minimized; second, the right to knowledge; third, the right to access, that is, to make it easy for users to get a copy of, correct, and delete their personal data; and fourth, the right to security.
For those of us in the financial inclusion space, it was a pleasant surprise to see such a high-profile tech CEO speak so forthrightly on the topic. Data security has also very much consumed our discussions, both in an essay and in a speech at our recent 10th anniversary symposium. We’re grappling with this technical and multi-faceted issue in order to make sure that we “get it right” as data enables greater financial inclusion in the developing world.
Furthermore, the recent “Banana Skins” report, “Finance for All: Wedded to Fintech for Better or Worse,” published by the Center for the Study of Financial Innovation in conjunction with CFI, reveals that leaders in financial inclusion see technology’s risks as by far the biggest challenge they currently face.
Lofty words and alarms may be on message, but what matters is moving toward tangible steps to protect data. A recent working paper by Dvara Research, a financial systems policy research institution in India, lays out a framework for a data protection regime that could addresses both prevention of and response to data breaches. The authors provide a risk-based framework for “responsive regulation” in India, noting that the most regulations are created after a major data breach has occurred (such as the Aadhaar data breach in India about a year ago). The paper highlights principles – such as transparency, accountability, and proportionality – that should guide the regulators.
Speaking of regulation, The Economist Intelligence Unit’s Global Microscope, a ranking of the enabling environments in 55 countries carried out in partnership with CFI, has also taken a forward-looking digital approach in evaluating governments’ abilities to create smart, practical and deliverable regulation, including in data protection. Colombia (which tops the overall ranking) and South Africa, for example, have dedicated financial consumer protection frameworks and specialized enforcement capacity, along with government entities with a strong capacity to enforce data protection laws.
We at CFI couldn’t agree more with these intentions, and we’re also contributing our part toward making sure the need for data protection, transparency, and consumer knowledge are deeply ingrained in those operating in the financial inclusion space.
This is why the Smart Campaign is strengthening its attention to data privacy and security in its standards for consumer protection certification for digital financial services. We are also sponsoring research, such as that from CFI Fellow Patrick Traynor, which showed how some digital financial service providers have gaps in their data security protocols, and offered some easily actionable technical fixes (see also this post and slide deck from CGAP with challenges and best practices for digital financial service providers).
In 2019, CFI will continue to tackle this issue, to do our part as advocates of data protection for billions of vulnerable unbanked and underbanked consumers around the world.