Different Markets and GDPR
Financial and payment products are naturally very different in different economic markets, cultures, and governing regions throughout the world. While these guidelines have predominantly been tested and researched using American participants, they do note some possible differences in product localization. The most notable difference is the EU's sweeping data privacy legislation enacted in spring 2018.
GDPR
GDPR is possibly the most restrictive data privacy legislation globally and has certainly required a large effort from technology companies to change their policies regarding data collection, storage, and policy communication. As Continuous Authentication relies on tracking various data points to identify and authenticate users, the amount of data collected and the length of time it can be stored will critically affect the robustness of the system.
Gradient
If the EU, governed by a strict data privacy policy, is on the conservative end of the spectrum, China is on the other side, with the US close on its tail. Any Continuous Authentication product will have to be custom tailored to its local region, from both legal and cultural design standpoints. In our Customer Journey Study we simulated streams in a GDPR and non-GDPR context. The GDPR sequence requires much more granular consent and permissions from the user, while the rest of the markets would need fewer permissions. However, it is still better to tell users what will be collected and let them decide if they want to be party to the service.
01. GDPR is an asset to a Continuous Authentication System
Users always want to feel in control, especially with new technologies and paradigms. This builds trust, which is essential for adoption of Continuous Authentication. For these reasons, GDPR is an asset to Continuous Authentication: the way the system is presented to customers will, by necessity, need to be geared towards their comprehension of its value and towards getting explicit consent.
Check out related topics: User Control, Consent & Autonomy
Communication
02. GDPR is a challenge for a Continuous Authentication System
GDPR makes it very apparent what kinds of data, and how much, will be collected from people in a Continuous Authentication system. For this reason, communication is critical, since users need to understand why that volume of data collection is necessary, and buy into the fact that MC is helping them be more secure. Without a strong first exposure and careful content design, adoption may falter.
Check out related topics: Convenience
Data Collection