By Marc Jones

LONDON, (Reuters) – A paper by the BIS, the main global central bank umbrella organization, calls for more control of data that is collected by banks and social media.

In recent years, the explosion in high-tech devices, including apps, that are internet-enabled has resulted in a flood of personal information, which firms can now collect, process, and then sell.

A paper from the Bank for International Settlements (BIS), published on Thursday, stated that while data usage laws are in place for most countries, individuals don’t know what rights they have or how to protect their data.

The paper recommended that authorities adopt new governance systems in order to “level out the playing field” between controllers and subjects of data.

These regulations will require companies to obtain clearer consent for data collection, to better explain its use and to make it more accessible to those from whom it is being harvested.

According to the paper, data sharing between data providers or data users should include data requirements, retention periods, and processing details.

Its function as a hub for central banks at the top shows just how wide-based the demand for tighter data regulations is.

Current controls differ widely. Although the General Data Protection Regulation of the European Union (GDPR) was implemented in 2018, it’s still considered to be the most complete.

Some parts of the world have much less technology. One example is the United States. It has no comprehensive consumer privacy law. Instead, it relies on patchwork rules from different sectors and states.

Data subjects are also at risk because of the fact that their data is often locked up in silos and platforms within firms after they use an app, website, or service.

The companies then have the ability to combine this data with additional attributes, such as education and income, in order to generate insights and forecasts, which is often regarded as being more valuable.

A lack of credit history is a major reason why loans are denied to young and less-educated people. But, they could still get their data online and be approved for loans.

According to the paper, “The young have to take the time to build tangible collateral while the poor might never be able acquire sufficient collateral.” These high-risk, low-margin consumers cannot be reached in traditional systems without digital datasharing.

The following 5 standards were added to it:

(i) Purpose limitation – make sure that data sharing is clearly and specifically described.

(iii) Data minimization – only share the data that is absolutely necessary.

(iii). Data retention restriction – data should be kept private for no longer than is necessary.

(iv) Use limitation – Data should only be used for what it was intended.

(v) Operational resilience: Ensure data safety.