Advances in how we can collect and analyze data have disrupted the financial services industry. Organizations are now able to learn more about customer behavior and preferences than ever before, and they’re applying these insights to improve the customer experience. However, as this capacity continues to grow, so do concerns about identity, privacy, and data protection. In the previous blog in our digital identity series, we looked at the definition of identity. Now, we’re investigating the implications of digital identity from a privacy perspective and analyzing the impact of the EU’s General Data Protection Regulation (GDPR) as a demonstration model for emerging markets.
If the recent congressional hearing into Facebook’s data practices wasn’t enough to make you wonder about the privacy of your online identity, the barrage of emails from companies chasing GDPR compliance likely was. While the scope of the legislation is only applicable for organizations dealing with the personal data of EU residents, it is likely to influence privacy protection principles worldwide.
Despite the fact that GDPR addresses 6 different legal grounds for processing customer data, media coverage of its introduction has honed in on two key themes: 1) consent for access to data, and 2) transparency in communicating precisely how that data will be used. The focus on customer consent has sparked analysis of the effectiveness of enhancing privacy through increasing consumer rights to control their identity information.
Although, in theory, the right to consent will allow consumers to prevent access to their information in certain circumstances, in practice it may fall short of driving data protection. Consumers often do not read lengthy communications on legal terms and conditions, and when they do, many may still be unclear about the implications of permitting access to their data. This issue is exacerbated in emerging markets where consumers are typically less literate, less familiar with technology, and as a result, are potentially more vulnerable to exploitation.
With this in mind, it’s uncertain whether the right to consent inherently enhances consumer privacy or whether it simply provides a privacy-enabling structure that can be leveraged only by the highly informed. Given this context, we need to take the discussion beyond consent when considering how to protect user privacy in developing economies.
To explore this topic further, we hosted a webinar on Digital Identity for Financial Inclusion (click here to watch). During the session, we took a look at some of the solutions being utilized to manage personal information and the impact they are having on financial inclusion, privacy, and commercial viability for financial service providers.