Image/Banner (optional)
Project Update
Why would we need a privacy and human rights framework at the Interledger Foundation? Isn't the protocol itself private and secure?
This is about money, isn't it, not personal information?
Shouldn't the developers and implementers of fintech solutions be the ones developing privacy policy, not the ILF?
Do privacy and human rights have anything to do with financial inclusion?
These are basic questions that I started with in November 2023, when I first proposed this project. I understand the field a whole lot better than I did when I started in March 2024, but I don't think I will ever be an expert. Financial systems are complicated. So are human rights; I think I understand those a lot better. And in the complex world we are building in Fintech, tech experts and policy experts will need to work together if we are going to stop the growing gap between the rich and the poor, the powerful and the disenfranchised. Tech doesn't solve everything, policy must follow and adapt in order to ensure human rights.
I started out by promising a 15 page report, a template for privacy and human rights impact assessments, and outreach to both disenfranchised groups like temporary foreign workers, and members of the data protection oversight community....privacy commissioners and academics. This was pretty ambitious, and it is clear now that it will take years to develop better practices in this field, and educate disenfranchised communities. However, I think I have made good progress in producing some materials that will help the community understand these issues.
Progress on Objectives, Key Activities
During the first term of my ambassadorship I explored all work I could find on data protection related to Fintech.I consulted with the Council of Europe officials working on data protection, and attended the Computers, Privacy and Data Protection conference in Brussels to discuss progress in this field with acadmics, experts, and data protection officials. While there certainly had been concerns voiced by data protection authorities, it was clear that Fintech was not the focus of activity at the moment, despite the fact that it has been moving forward at a great pace, and it is recognized that it will have a profound effect on human rights and financial inclusion if not done properly. In my second term, I continued exploring what has been published on everything from stablecoins to central digital currencies and wallets. However, it was very clear that it would be premature to reach out to data protection authorities before ILF has a working demonstration of an implementation, and an applied framework of data protection and human rights protection.
What to we need to get there? I think we need training on the issues and a greater focus on the protection needs and how to actually do the risk assessments necessary to gauge potential harms. Accordingly, I switched directions and developed training modules on privacy as it has developed in law and policy, how to do a Privacy Impact Assessment or PIA, how to do a Human Rights Impact Assessment or HRIA, and how to understand the Know your customer and Anti Money Laundering (AML)requirements that have developed over the past 25 years. This project in itself required quite a bit of research. These AML requirements represent a significant risk for low income or racialized users of Fintech systems. Demands for intrusive identity verification can have negative impacts on marginalized communities.
Furthermore, if people in domestic environments are moving from a cash-based market system to electronic systems, it is important that we analyze the privacy risks inherent in the technology. This broadens the potential scope of privacy impact assessments substantially, and it brings up complex issues of controllership versus the role of processor. It became clear that in any instantiation of the ILP, a number of existing systems, such as a cellular network, a device (phone or payment processor), or a provider of AML identity checking services would introduce any number of privacy and human rights impacts to users. These devices and networks are usually outside the control of implementers and the ILF.
It became clear early on that one cannot assume a common understanding of the terms used in data protection, nor those in the Fintech industry. Accordingly, I focused on producing a glossary that would provide terms, acronyms, meanings, and the provenance of those usages. This is, in my opinion, necessary groundwork before we do outreach to either vulnerable groups or data commissioners.
I have kept the templates for PIAs and HRIAs fairly high level, because I need to test this proposed approach and framework with an actual working wallet that is in the field and impacting people. Without a real life workshop where we can speak with the stakeholders, explore the impact of local law and all the technologies used in the system, we are conducting a merely theoretical exercise.
What impact does the project have on your perception of digital financial inclusion?
There are many different projects going on at the ILF to seek engagement of disenfranchised communities or groups (women and girls, children, black and indigenous people, marginalized language groups, BIPOC and LGBTQIA communities, temporary foreign workers, the elderly, disabled individuals...the list is long). Each of these communities could benefit from a structured risk assessment of the privacy and human rights impacts of proposed financial inclusion efforts. I hope that the work I have done will be of interest to the folks working on these projects, and that we can engage in more detailed work on impact assessment.
Communications and Marketing
I did not spend the money on publications that I had originally forecasted in my budget. Education materials that I prepared need to be assessed and approved as part of ILF's ongoing work on education prior to publication and distribution. As discussed above, it is premature, in my opinion, to reach out to the data protection oversight community until we have mastered a few workshops on impact assessment, so that we are clear about risks and legal implications. I hope that ILF will be interested in engaging further on PIAs.
I continue to discuss all new developments with my privacy network, and follow all the relevant entities who might be examining Fintech developments. This includes the data protection commissioners, key privacy scholars, the CPDP conference, US regulatory developments, the central bank community, FATF and the AML community, and developments in Fintech.
I presented a briefing on the work at the ILF monthly community forum on June 12, 2025. Slides are available for those interested.
What’s Next?
As indicated above, I think training and workshops would be very beneficial to the ILF community to broaden their thinking on data protection issues, and prepare them for successful instantiations that respect legal and human rights obligations.
Community Support
I have very much appreciated all the help that I have received from members of the community who have been willing to explain the technological and policy questions that I have encountered over my ambassadorship. People have been very generous with their time, and have found others to answer questions to which they did not have answers. This has helped me to compile even more questions that need answering, and I will be engaging with the community to help solve some of those issues. Please send me questions, this is how we can learn together!
Top comments (0)