In response to the seemingly endless flow of data breaches and misuses of personal data, governments are increasingly responding with penalties, hearings and new laws and regulations. Perhaps the most widely known is the European Union’s General Data Protection Regulation (GDPR), which went into effect in May 2018 and has quickly become a global benchmark, as many of the data protection regimes emerging around the world appear to embrace the same basic principles that are at the core of GDPR.

As the growth of the digital economy continues to fuel the expansion of consumers’ data footprints, we’re also hearing calls for new approaches to data protection that advances in digital technologies should be making increasingly possible, at least in theory. But in the recent research and interviews we conducted on the current state of data protection in India, Ghana and Peru (thanks to a collaboration made possible through the Credit Suisse Global Citizens volunteer program), we encountered a divide between governments and providers that surfaces when you get beyond principles and into the specifics of their application.

As usual, the devil is in the details.

For example, in responding to a question about how data protection laws and regulations in Ghana may be impacting the extent of data sharing among providers seeking to reach underserved segments, Clarissa Kudowor, Deputy Chief Manager of the Payment Systems Department, Bank of Ghana, wrote, “Whatever the arrangements/partnerships, we expect them to apply the universally accepted principles of data protection under Section 17 through to Section 34 of the Data Protection Act, 2012.” But achieving alignment between policymakers and providers on how best to apply these principles may be easier said than done.

For instance, in talking about data protection seminars offered by the Ghanaian government, Elorm Allavi, the CEO of SyeComp, a fintech which uses data from smallholder farmers for its mfarmPay credit product, said, “Seminars are for awareness creation, but in terms of the technical side, they’re not there yet. They don’t understand how we use data.” This is but one example of the gap that exists between governments and providers in advancing data protection in their countries. But where there are problems, there are also opportunities.

Recognizing how vast of a topic this is, we have chosen to focus on three key aspects of data protection that surfaced during our research.

  • Consent

  • Localization

  • Regulatory capacity and fragmentation

We will dedicate one blog post to each of these issues, starting next week with consent. Over the coming weeks, we will explore these topics – plus alternative data legislation and vulnerable populations in the U.S. – in a CFI Blog series, “Data Protection and Financial Inclusion: Why It Matters Now.” Join us as we dive in to these issues from a financial inclusion perspective and our unique position as an industry engager.


Ethan Loufield

Former Research Director

Ethan joined CFI in 2017 after spending the first 15 years of his career in a range of finance roles in the government, financial, and nonprofit sectors.

At CFI, Ethan was responsible for the successful implementation of Inclusive Fintech 50 – an initiative that recognizes promising early-stage fintechs driving financial inclusion around the globe – including program design and execution, and delivery of incentives and knowledge products. Prior to that, he was Director of Strategy and Operations, providing overall support to CFI’s programmatic, operational, and communications activities.

Ethan started his career with the Peace Corps before moving into the financial services arena, first in equipment finance with General Electric, and then as a relationship manager with Wells Fargo Business Credit, where he managed a portfolio of over two dozen clients representing nearly $100 million in annual funding volume. He also served for several years as the CFO of a nonprofit independent school before entering the fintech space with RevolutionCredit (now known as Scorenomics), an Accion Venture Lab portfolio company specializing in the use of behavioral data and analytics in consumer credit.

Ethan holds a bachelor’s degree from the University of Rhode Island, an MBA in finance from Indiana University, and a certificate in digital money from the Digital Frontiers Institute and The Fletcher School at Tufts University. He is proficient in French.

Shweta Vashisht

Vice President, Research and Consulting Group, Credit Suisse

Explore More

Privacy as Product, FSP designers
Toolkits and Guides

Privacy as Product: Privacy by Design for Inclusive Finance

Sign up for updates

This field is for validation purposes and should be left unchanged.