15th August 2016

Customer data: risks and opportunities

Written by Walter McCahon, Policy Advisor, Retail

As we all know, over recent years we have seen a dramatic increase in services based around data processing, data analytics and generally all things ‘data’. This isn’t limited to the likes of Google and, increasingly, we’re seeing examples of this in the financial services sector.

Indeed the European Banking Authority recently issued a discussion document on innovative uses of customer data by financial services firms. There are pretty familiar examples, like giving personalised deals or rewards, and also some that go further, like alternative credit reference services in the US which use data scraped from social media.

We are also witnessing moves towards greater opening up of financial data. The Revised Payment Services Directive will, among other things, enable start-ups and fintechs providing payment services or account aggregation to access a customer’s banking data (though only with customer consent). Similarly, the Open Banking Working Group released a report in February about how even greater opening up could be achieved to spur further innovation, and the Competition and Markets Authority is looking to push this work ahead.

The flip side to this is data protection and security concerns. It is of course vital that any time a consumer’s financial data is passed on to another business, this data is kept secure. The European Banking Authority will be providing guidance to help with this and industry will need to have this issue front of mind as new systems are rolled-out.

It is also important that we ensure customers keep proper control over their personal data and that firms are transparent about how that data is used. This is not without challenges, though, as customers might not always read information they are given and small screens on smart watches aren’t an easy way to read a lengthy privacy notice. The Information Commissioner’s Office has been thinking about how to achieve transparency in the digital age, and we are looking forward to the outcome of their recent consultation in the coming months.

Sitting over all of this is the General Data Protection Regulation, which is intended to modernise data protection law when it comes into force in May 2018. This is a big, complex reform but effective implementation would help ensure we can realise the benefits of innovation and new data services, while enhancing transparency and individuals’ control over their personal data.

Please register or login to add this to your interests.