Privacy strategy for Nigerian fintech companies

BY MICHAEL IRENE, PhD.

There has been a very good growth of fintech companies around the world and these are for good reasons. First, it presents a new way of banking transactions, opens competitiveness amongst old banking procedures, questioning the existing status quo; and this has led to the explosion of entrepreneurial endeavours. Yet, most of these new companies especially in Nigeria overlook the importance of privacy and how if strategically aligned with their business missions and visions will build a sustainable and viable business in these global economic settings.

For starters, let me start by stating that fintech is the short form of financial technology with regards to the use of data and communication technology in the development of financial services. This innovation allows the reduction of the manual processes in payment processes, setting up accounts and creating products that might benefit existing and new customers.

To address the privacy strategy topic for Nigerian fintech companies, I would first like to lay a foundation by stating some of the common applications of the fintech industry. They include e-payment and remittances (e-wallet), algorithmic trading, data analytics that support operations, open application programme interface, just to mention these. One must note that not all Nigerian fintech companies engage in these activities.

However, using these let’s now tease out the privacy risks of Nigerian fintech and proffer strategies to set them on a global standard. The first and clear imminent risk is the collection and use of personal data without notice or meaningful consent. Reading many privacy notices of these companies, one notices the use of language is pure legalese and often confusing and thereby diminishing the transparency and fairness approach in the industry.

With e-payment, the e-payment service provider sometimes collects more information than is needed for the services they’ve promised in their contracts. Not to mention any company, but there have been cases where some Nigerian fintech companies use this avenue to accurately predict their customers’ behaviours and preferences by profiling, which begs the question of these companies’ business integrity.

Because there is a lot of collaboration via an open API, a data subject may not have full comprehension of where their personal data might end-up and how it may be further disclosed. This is particularly the case when the restriction to access the open API is low and questions existing policies and practices set for third parties that have exposure to these personal data.

There is a way these companies can mitigate some of the existing risks. One, and the most important, is ensuring that the privacy notice is clear and concise and really drives home that transparency agenda. Second, in the use of algorithms, these companies must understand and set ethical standards in the use of these algorithmic formulas in prediction and review the process quarterly or monthly. The security of data, from an administrative and technical perspective must be clearly set out. I must also add that before the development stage, the fintech companies must identify and properly address all potential privacy risks, which means doing extensive privacy impact assessment and privacy by design. This is not an exhaustive strategic suggestion but only shines a light on what can be done in the first instance.

Michael Irene is a data and information governance practitioner based in London, United Kingdom. He is also a Fellow of Higher Education Academy, UK, and can be reached via moshoke@yahoo.com; twitter: @moshoke