Consumers are still suspicious of open finance. In particular, privacy concerns are cited by the general public as the main reason for their reluctance. (1) Are these public concerns justified, or are they afraid of the unknown?
Payment Service Directive II (PSD2) requires banks to provide third-party access to their banking systems. That access is through Application Programming Interfaces (APIs): means that allow different IT systems to communicate with each other. Opening up information from banking systems in this way is also known as open banking. Parties that gain access to financial data can then use the information they extract from it to improve the services they provide. Before a third party, such as a fintech, can access the bank's customer's financial data, the consumer must first have given their consent. In addition, this service provider must have his or her IT security in strict order and a license from the Dutch Central Bank is required.
With this forced opening of their systems, banks are generally not happy. (2) After all, it means more competition in the payment services market. However, it is considered in the interest of consumers to achieve this market opening. More entrants to a market means more competition, and more competition leads to more innovation. This is evidenced by the actions of banks that already saw the scare ahead of PSD2's entry into force and feared losing their monopoly position. For example, in 2017 ABN Amro launched the payment service Tikkie, a now widely known application that allows you to transfer modest amounts of money to another bank account within seconds.
Fintechs bundle financial services with technological innovation and generally employ people who develop algorithms and (payment) systems that can speed up processes. An example: financial data can be used to determine a company's financial health. However, if this data has to be looked up manually, it takes quite some time. By developing systems that analyze this data, it is possible to find out in no time whether a company is healthy and therefore creditworthy. Because fintechs can ensure that loans can be closed at lightning speed, banks are forced to innovate as well.
However, the use of algorithms is controversial. After all, algorithms make choices that we as humans have difficulty understanding, if at all. (3) Algorithms base their calculations on the information available to them. If the information is not pure, algorithms can start doing crazy things. This can lead to (unconscious) discrimination, for example. An example of this is the automated risk selection at the tax authorities, where people's first nationality was considered a risk factor. (4) Surcharges were then withheld based in part on this information. According to Douwe Lycklama, expert in the field of digital transactions and author of the bestseller "Everything Transaction," it can never be completely ruled out whether an algorithm discriminates, but just as well, according to him, there are no indications that algorithms discriminate more than when the processes are performed by humans. This is a valid point if we consider the discriminatory actions of the tax authorities; indeed, the National Ombudsman has concluded that when data was still entered manually by the Tax Administration, the same (discriminatory) risk selection was applied. (5)
Ideal, Apple Pay, Bunq, Payconiq and Tikkie. Apps that make financial transactions in seconds. But what if not only access to your checking accounts becomes possible, but it extends to your savings account, your investment portfolio, your pension and your mortgage? A good example is ING subsidiary Yolt, a company already widely used in the United Kingdom. The goal of this company is to provide users with the aforementioned financial services as efficiently as possible, based on bank information that the customer can open up to Yolt themselves. As a result, fintech companies like Yolt are expected to provide increasingly efficient services and the range of offerings will increase, enabling a form of fast online financial transactions on a widespread scale. Thus, a new regulated financial system will emerge based on consumer data. This system is called open finance.
In open banking, third parties - provided they meet the necessary requirements and have the consumer's consent - are given access to consumer banking data. Because in this case it is not only the bank or asset manager that has this data, it seems obvious at first that open banking carries greater privacy risks than current Internet banking. Douwe Lycklama would like to nuance this: first, a third party can only have access to the data if it has obtained permission from the consumer. This consent from the consumer is not only mandatory, but the regulations also command that consent be sought again from the user after every three months. Thus, the consumer remains in control of sharing personal data with a third party. By comparison, anyone with a Facebook account has given Facebook lifetime and even post-mortem permission to share all their data. In open banking, the company in question is not allowed to use "all" the data anyway. Indeed, the fintech may not even request all available data from the consumer: only information related to the service. This is called purpose limitation. Of course, the bandwidth of what falls under purpose limitation can be stretched, but a fintech can never simply request your address information without an appropriate reason. So purpose limitation means that not all data should be shared but only the data necessary for the service. The Personal Data Authority (AP) checks whether companies are complying with this purpose limitation. Of course, the AP's capacity is not unlimited (6), but the point is that the consumer as a user of open banking services thus always remains in control of the use of his or her personal data. Consent is always revocable. Companies that then continue to use this data anyway can be held liable. Open banking is there for the benefit of consumers, according to Douwe Lycklama, but it also offers banks the opportunity to innovate. Banks should disclose customer data the moment the consumer wants it. Why would consumers want to share their data so that it can be reused? So that the consumer gets better financial services.
Douwe expects that when open finance gets off the ground, that is, when a new system of financial services emerges, intermediaries will also make their rise. Intermediaries, in this context, are experts who will help consumers optimize their personal data. This practically means that an independent party will advise which financial data should and should not be disclosed for an optimal service. This will obviously benefit privacy-friendliness, if only the strictly necessary data is shared. The less data shared, the less chance of abuse. Of course, you can choose on your own to share less personal data for the financial service, but then you may get a less appropriate service. The less information a company has about you, the less well the service can be personalized. So this problem will be addressed with intermediaries. An example of an intermediary that already exists is Digi.me, a company dedicated to managing customer data in the best possible way. Douwe Lycklama expects this type of data management company to become more widely used in the future.
Open finance will never be exactly as secure as current payment transactions because more parties have access to consumer data. More parties means a higher chance that one of the parties will deal unethically with the data obtained, than if financial traffic is exchanged between two parties. However, the regulations are full of strict privacy safeguards, preventing as much as possible that a party can and will act unethically with data. In addition, consumer consent is key.
The reality is the massive use of social media platforms such as Facebook, where both the scale and duration of the data being shared are larger and less well protected. In that respect, consumer fears about open finance can be described as somewhat irrational. That said, open finance can become more privacy-friendly without compromising quality. To do so, ironically, the adoption rate among the general public, which is currently reluctant due to privacy concerns, will first have to increase. With an increase in popularity of open finance, independent experts will emerge who can assist consumers in providing as little data as possible in exchange for an optimal financial service.
(1) https://www.ictrecht.nl/blog/psd2-online-dienstverleners-als-betalingsinstellingen
(2) https://fd.nl/futures/1337678/de-zoektocht-naar-het-eerlijke-algoritme
(3) https://www.rtlnieuws.nl/sites/default/files/content/documents/2019/05/19/Financie%CC%88nEen.pdf
(4) https://www.rtlnieuws.nl/nieuws/nederland/artikel/4716831/discriminatie-belastingdienst-toeslagen-financien-etnisch
(5) https://autoriteitpersoonsgegevens.nl/nl/nieuws/forse-stijging-privacyklachten-2019
