Security and Trust

The right kind of friction

When it comes to their data, consumers want transparency and control. Interoperable consent requirements for data sharing could give them both.
12/06/2023
Person lying on couch looking at phone

In payments, we appropriately often talk about eliminating friction from the consumer experience. But when it comes to data use, friction might not always be a bad thing. Intentional, coordinated, interoperable friction can support consumers being more confident in data sharing and empower them to be more active participants in the digital economy. And a standardized consent experience across jurisdictions might be just what is needed to improve and, in some instances, regain trust among consumers.

The world has never been more connected

Through the internet and other digital technologies, the world has perhaps never been more connected than it is today. Businesses and consumers are connected in more ways than they ever have been. Friends and families easily close any physical distance with all manner of digital technologies. And this is not a trend that is likely to slow down.

In large part, this increase in connectivity is a boon to individuals and businesses, communities and society writ large. It powers an increase in convenience and efficiency and expands global economic growth.

But the benefits are not without risks — particularly in terms of preserving privacy and control over personal information. Hacking, identity theft, and less-than-responsible use of consumer data has left many people feeling skeptical of the way companies use their data. This kind of mistrust can prevent individuals and businesses from taking full advantage of the benefits of the digital economy.

Good intentions can have unintended consequences

In response to concerns around data privacy and security risks, governments around the world have started to take action. Many have implemented rules and guardrails that dictate the ways companies can collect, store, and ultimately use consumer data.

As of this year, more than 160 countries have put some kind of data privacy laws into place, and the particular requirements and components of these laws vary from jurisdiction to jurisdiction.¹ Lacking an integrating framework, the resulting legal patchwork of data regulations introduces compliance and operational challenges for businesses trying to operate in many countries — especially small- and medium-sized businesses. The resulting burdensome patchwork is particularly problematic when you look at varying regulatory expectations around consumer consent across the globe.

Of course, the desire to protect consumer data is well-intentioned. Consumer data should be handled with the utmost care. But how consumer protections are currently being approached — through a fragmented regulatory landscape with varying requirements intended to accomplish the same means — consumer control — can have unintended negative consequences.

Ultimately, such a landscape risks undermining consumer confidence and inhibiting the kind of cross-border data flows that are critical for economic growth, technological innovation, and widespread adoption of and inclusion in the digital economy.² Visa’s groundbreaking consumer research describes additional negative impacts for consumers around the globe.

Consumer-empowering consent is key

The patchwork of requirements can affect more than just the regulatory frameworks companies must follow. Regulatory fragmentation may lead to inconsistent experiences for consumers during the consent process. It may also lead to a lack of understanding of how a consumer’s data will be used by companies. All of which can potentially decrease consumer trust and confidence, ultimately leading to missed opportunities for consumers to meaningfully engage in the digital ecosystem.

In fact, a report authored by the Visa Global Data Office found that a majority of consumers prefer companies to use standardized methods of collecting consumer consent. Furthermore, consumers are more likely to share their data if a standardized consent experience that is transparent and gives consumers more control over their data is utilized by companies. In addition, current methods of collecting consumer consent leaves most consumers feeling a lack of control, comfort, and understanding of how their data is used, and shared by companies today.

The way consumers are presented with a consent request has an important impact on how often consumers are willing to share their data with companies.³ When presented with a standard sign-up experience, where consent is tied to terms and conditions with no optionality involved (utilized by many companies today), versus a hypothetical granular consent experience that offers more visibility and control of how and what data is used and shared, consumers overwhelmingly prefer the granular experience. In fact, consumers report feeling greater trust, more control, comfort, and understanding with the granular consent experience. Consumers are also more willing to grant companies permission to collect personal data with a granular consent experience.

According to the report, several specific features of consent experiences help build consumer trust through intentional, coordinated friction — from offering simple, clear and consistent information, to being transparent in terms of what is being collected and who has access, to giving consumers the power to control data use across use cases and revoke permissions.⁴

Ultimately, consumers prefer more granular choices when it comes to data use — even if it does introduce some friction. The right kind of friction, it turns out, gives consumers more transparency and control over how their data is collected.

Reducing regulatory fragmentation can empower consumers

As policymakers and regulators continue to develop, implement, and update consumer data requirements, making sure that consent requirements enable data to flow across jurisdictions can ultimately empower consumers and encourage digital engagement.

In addition to consumer benefits, regulatory interoperability can benefit businesses, organizations, and communities, too. Protecting data and privacy while reducing regulatory fragmentation can help ensure full and equitable participation in the digital economy around the globe.

And for the ecosystem as a whole, ensuring data protection and privacy requirements are clear and consistent is key to future innovation, market opportunities, and economic growth.

Of course, ensuring consumer empowerment, responsible data use, and data privacy laws and regulations contribute to building consumer trust, promote economic growth, and support ongoing technological innovation is going to take collaboration — from policymakers, business, and civil society.

At the end of the day, empowering consumers to more confidently participate in the digital economy will create a more inclusive, innovative, and robust digital economy that will have important benefits for all.