1 minute read
Data Privacy and Consumer Protection
Data Privacy and Consumer Protection
Consumer data protection is critical in ensuring that customers are confident that their data is private and used appropriately when borrowing digital credit. It is widely acknowledged that women are at greater risk of abuse in the financial system and more prone to financial fraud and scams, due to their unequal access to resources and information and power imbalances at the household and community levels. Consumer information should not be shared without the customer’s consent, unless required by law, as it would otherwise defy practices of fair market conduct and expose the consumer to risks. Regional cross-border initiatives should be considered, together with opportunities to share best practices of data privacy regulation between policymakers, and the adoption of tools that assist with non-compliance detection.
Advertisement
Non-compliance risks may increase with the development of big data that is commonly used by FinTech. AFI’s Policy Framework for Responsible Digital Credit provides minimum regulatory and supervisory requirements for developing a responsible digital credit regime. Specific to data protection and privacy, good regulation should:
1. Issue and enforce rules for consumer data protection, data privacy and usage rights.
2. Enforce risk mitigation measures to protect the security, integrity, and confidentiality of customers’ information. At minimum, data privacy rules should include restricted access to consumer data, consent to use and process the data, fair and transparent use and processing of data, and ensure confidentiality of customer data.
3. Require operators to obtain consent for customers prior to sharing their data with third-party entities.
4. Enforce rules that stipulate exceptions to the use of consumer data without consumer consent, which may include compliance with laws or court orders.
5. Encourage regional data privacy initiatives based on common principles, support interregional data flows and interoperable capabilities with existing national approaches.
6. Put in place a framework for all financial service provid¬ers to implement transparent, user-friendly, gender-sensitive and effective recourse mechanisms and dispute resolution mechanisms to address any claims and complaints from MSMEs, while taking into consideration the differential consumer protection needs for women and men. Such a framework should define a process for deleting information to be shared without consent, set a data retention period, establish channels for enquiries and complaints, and establish options for redress by consumer protection and complaint agencies within the financial regulator or other appropriate government departments.
