It’s not just social media. We need a fresh look at how financial data is protected, too.
> Posted by Elisabeth Rhyne, Managing Director, CFI
Mark Zuckerberg defended Facebook’s handling of customer data yesterday before the U.S. Senate, and many of us at Accion and the Center for Financial Inclusion were riveted. Not that the testimony was especially compelling as television spectacle, but because the issues at stake are so important both for our own lives and for our work.
I did a quick scan of the staff here in our Washington, D.C. office, and would like to share some of their thoughts.
Many of us identified with the widespread shock toward Facebook for using our data (or allowing others to use it) in ways we don’t like and without our clear consent. “It’s hard to separate the relevance for our work [in financial inclusion] from my anger at the relevance of these events for my life,” said Sonja Kelly. For Allyse McGrath, the first thought was a sense of relief that policy makers are “actually doing something about protecting our data” which she quickly amended to “at least starting to explore how to do so.” Other folks are more skeptical and wondering whether legislators will do anything once the furor dies down.
Data privacy and data security are central to the success of financial inclusion. As Smart Campaign director Isabelle Barres pointed out, the Campaign enshrined data privacy as one of the seven Client Protection Principles from the very beginning. Through the years we have seen a somewhat peripheral principle become increasingly prominent, as customer data became more digital and more abundant. “There are absolutely some data abuses, and regulators need to step in,” she said. “And perhaps there is hope that the focus on Facebook will be a trigger to force companies to think about consumer data more carefully.” More broadly, our staff are concerned that the proliferation of data collected without much regulation can lead to the kinds of aggressive push marketing we are beginning to see with digital credit delivery in some countries.
Senators asked Zuckerberg a lot of questions about Terms and Conditions (T&C). Long and legalistic, people do not read the Facebook T&Cs, and if they did, they would not likely understand them. In such a situation, does consent really exist? This problem is exactly the same in financial inclusion. On many mobile money platforms, for example, T&Cs cannot be read on the phone when the customer is actually using the service. Customers have to log on to an internet-connected computer to download the T&Cs – and we know almost none of them do. What have these customers given away? They do not know.
The solution proposed in the hearing today was to ask customers to opt-in to data sharing rather than setting sharing as the default and asking them to opt out. This choice is just as relevant for payment and credit apps as it is for Facebook. The presumption should always be in favor of privacy and the customers’ right to choose how their data is used.
Coryell Stout of the Accion Venture Lab team noted that fintech start-ups often do collect enormous amounts of data. Venture Lab vets the founders and managers of their investee companies thoroughly, with an eye toward social mission. They also review data use and management policies. They do not invest until satisfied that the data is used to benefit customers. However, the potential for misuse exists, if data is in the hands of people with other motivations. “We know that companies are collecting a lot of data. It needs to be secure, and we need more clarity about who controls the data fintechs collect.” Governments may need to help create that clarity.
The landmark European law on data privacy, the General Data Protection Regulation, which goes into effect next month, comes down solidly on the side of consumer ownership and control of data. Yesterday’s hearings suggest that the U.S., which has until now had a much more pro-company perspective, may become somewhat more sympathetic to the European approach. Regulators in the emerging and frontier markets in which we work are just starting to come to grips with the issue, and may forge their own path, as India and China are doing.
The consequences of misuse of consumers’ social media data can be significant – not just annoying ads, but election meddling and more. But the consequences of misuse of financial data can be even more direct: money lost to scams, theft and mis-selling. As we watch the public conversation play out over the broad questions of data ownership, we need to ensure that a similar conversation is moving forward to ensure that the highly sensitive data financial service providers handle – whether they are banks, microfinance institutions, telcos or fintechs – is secure and properly used.
Featured image credit: Alessio Jacona via Flickr Creative Commons
This post was originally published on CFI’s website.