4

Safeguard client data

The growth of digital payments is generating data in unprecedented volumes. Preventing misuse of data is fundamental to fostering user trust in digital payments.

However, existing data protection and privacy compliance models are based on consent. Too often, users do not understand what they are agreeing to, rendering consent meaningless.

Remedies are being formulated, and one trend is starkly clear: the onus is shifting to providers.

Addressing these concerns calls for the regulation of personal data grounded in a human rights framework, supported by policies that secure both people and the data systems on which they depend.

RECOMMENDATIONS

Members can commission behavioural research on user privacy to understand how to make individuals more privacy-conscious as part of their emerging digital rights. Actions include:

  • engaging directly or through trusted local groups with first-time users, crafting consent disclosures and informing users of their rights and how to exercise them
  • testing the privacy of payment products from the perspective of at-risk segments; this may involve removing quick balance view to protect the privacy of women using shared devices in their households
  • ensuring transparency of personal data usage by making an audit trail available to regulators and end-users while ensuring that personal information is protected.

Members can include clauses in their service-level agreements with digital payments partners that ensure that users’ digital payments data are protected against misuse.

IN PRACTICE

India’s electronic consent framework: Account aggregators (AAs) facilitate the flow of data between customers and users of their financial information. AAs are ‘data blind’ and cannot view, store, use or modify user data. They release user data only if the user has provided electronic consent for the purpose requested.

Unilever’s Shakti programme: The smartphone app collects sensitive data such as GPS location and real-time density mapping and uses them to support the viability of Shakti entrepreneurs’ businesses. Unilever applies strong regulatory oversight, ensuring that each new use case is captured, processed and used in line with regional e-commerce and data privacy laws.

India’s Unified Payments Interface collects only the minimum amount of data required to transact. The platform also proactively specifies that participating payment service providers must rigorously protect user data.

Mexico’s data analytics tool: Mexico’s National Banking and Securities Commission (CNBV) engineered a storage platform that houses transactional data from financial service providers. The tool allows CNBV to compare current data against historical records, using machine learning to validate, flag and report suspicious trends.