Privacy by Design for Inclusive Finance: Moving from Liminal Space to Concrete Practice

Data Privacy Day — recognized on January 28 — is intended to raise awareness about protecting personal information online. One of CFI’s long-standing strategic priorities has been to help build trust in digital finance for low-income consumers, in part by bringing transparency and accountability to how providers use customer data. This Data Privacy Day, CFI is excited to share a concrete tool for fintechs and digital FSPs — Privacy as Product Playbook — to embed data privacy from the outset to better protect consumers. This article discusses why the playbook addresses broader industry needs to embed responsible product design and how it was crafted.  

For years, we have been discussing how the digitalization of financial services is transforming the customer experience, and with it the meaning of responsible practice. In 2019, Elisabeth Rhyne, former Managing Director of CFI, wrote that with the shift from fully in-person interactions to digital ones, “the problem of rogue or substandard staff behavior disappears […] But so does the helpful staff person who can answer a client’s questions and guide the client to the right product. With digital services, everything the client experiences is pre-programmed and embedded into the user interface upfront before a single client has clicked on a single screen.” The implication was clear: good practice for inclusive finance was going to depend increasingly on responsible design.  

The digitalization of financial services has brought in legions of talented technologists — data scientists, UX/UI designers, engineers, and product managers — whose decisions significantly impact the experiences of low-income and vulnerable financial consumers. Like loan officers and front-line staff in traditional business models, these individuals and teams are making decisions that lead either to a delightful user experience or a disastrous one (see the edtech Byju in India). And at the same time, these technologists — some new to working in inclusive finance — may not be fully aware of the specific needs of low-income consumers, how design decisions can impact those consumers, or how to build consumers’ trust in digital finance.  

Within inclusive financial services, data collection and processing occur under the radar of most consumers, and research suggests that achieving truly informed consent is often untenable.

We know that for the 1.4 billion people currently outside the formal financial system, lack of trust is a major reason why unbanked adults do not use formal financial services. As part of CFI’s workstream on responsible data practices, we are tackling a particularly thorny area in building trust with consumers: privacy. Within inclusive financial services, data collection and processing occur under the radar of most consumers, and research suggests that achieving truly informed consent is often untenable. Unfortunately, privacy-related harms have become all-too-common, with examples of mishandled data and outright sexual harassment, including fake graphics used to intimidate female digital borrowers . These types of incidents only further deplete trust in digital finance.  

At CFI, we are focusing on a “by-design” philosophy across our thematic areas of research. Privacy by Design (PbD) specifically aims to enhance how privacy is integrated into systems and provides an alternative to the prevalent compliance-centric approaches to managing privacy issues. By emphasizing privacy in the initial design of digital products, privacy is transformed into a core aspect of a system rather than serving as a checkbox for regulatory compliance, as it is often the case with legislation such as the European Union’s General Data Protection Regulation (GDPR).  

CFI conducted a literature review in 2022 that found support for Privacy by Design across disciplines including computer science, engineering, UX/UI and academia but resulted in few concrete and successful case studies. To date, PbD has occupied a liminal space — where theoretical and conceptual support is strong, but there are limited examples of how private sector companies have practically put PbD into practice. And there are not yet any examples of PbD being used in the inclusive finance sector.  

Leveraging by-design thinking, we created the Privacy as Product Playbook, a first-of-its-kind knowledge product for the inclusive finance sector that outlines how to integrate responsible data practices and privacy into the design of digital financial products geared for low-income users. The principle is simple: when privacy needs are considered from the beginning of the design process, there are positive benefits for both the business and the consumer — it can streamline design processes and eliminate costs of retooling, and it takes consumer needs and protection into account while ultimately builds consumer loyalty. However, in practice, implementing a PbD approach can take time and effort and requires the support of both product managers and leadership teams.  

Our hope is that the Privacy as Product Playbook will spur inclusive finance product designers and leaders to adopt PbD thinking in their work. The playbook offers a clear guide for product management teams at digital finance companies. As mentioned earlier, a new generation of technologists is crafting the customer experience — for better or worse — and product managers have pivotal influence on these technologists. Product managers must strike a balance between creating value for both consumers and the business, which entails not only meeting users’ needs but also ensuring a viable path to commercialization.  

To make the introduction of PbD as approachable as possible, the playbook includes a step-by-step guide on how to include PbD throughout the product development lifecycle, interactive worksheets for teams to implement PbD in their work, practical tips on championing PbD within a company, and common privacy traps to avoid. It emphasizes the importance of crafting a responsible data strategy specifically for the development of new digital financial products and of prioritizing the privacy needs of end users in every important decision. The playbook aims to show that privacy can provide crucial benefits to companies and should be seen as a value-add rather than as a compliance cost.  

This playbook represents what we believe is an important thread for the future of responsible finance, where in the throes of digitalization, good practices increasingly hinge on good design. Beyond the PbD playbook, our consumer protection workstream has explored deceptive design tactics that impair consumer autonomy. We are currently conducting an experiment on the impacts of positive friction in digital lending, which involves introducing friction thoughtfully at key decision points in the loan application process to enable suitable and intentional loan selection and usage by consumers.  

So this year, as we celebrate Data Privacy Day, we encourage the inclusive finance community to embrace the importance of responsible design and how it can lead to significant improvements in consumer trust in digital financial services.  

The PbD playbook and accompanying brief were a result of CFI’s partnership with PayPal’s Global Privacy Team.