Posted on April 28, 2018 by Sumita Kale
Flagging two items in this blog post
1. The General Data Protection Regulation (GDPR) comes into force from May 25, 2018 in Europe - Emma Firth has summarised ten points we should know
- Privacy by design means that when you download an app or sign up for a service, you should not be asked for data that is not directly needed or relevant for the purposes of using that app or service.
- Explicit permission means what it says on the tin – when you give permission to an app or website to have or use your details in a specific way, they can’t use it for any other purpose or, crucially, sell it on to third parties.
- Data portability gives you the right to ask for any data that a company has about you in a machine-readable format so that you can reuse it, for example to give it to another service provider. Ideally, this would be through an API, although the legislation doesn’t mandate this. One of digi.me’s key differentiators is accessing all these APIs and other interfaces and normalising data from a variety of sources in one place, and we will continue to make life easier for all in this way.
- Giving someone your data doesn’t mean they can keep it forever – under the GDPR you have a right to be forgotten and will be able to ask companies or platforms to delete your data if you no longer want them to have it. The two exceptions to this are a) that it won’t apply to information that there is a legal requirement to keep, such as medical records and b) that it is also a personal right to forget, distinct from the 3rd party Right to be Forgotten, where individuals can request that outdated or undesirable information about them be removed from search engines.
- Clear and affirmative consent will be needed before private data is processed and this will require an “active step” such as ticking a box. The Parliament was clear when the legislation was announced that “silence, pre-ticked boxes or inactivity will thus not constitute consent. In future, it should also be as easy for a person to withdraw consent as to give it.”
- A right to be informed in plain and clear language – MEPs have insisted that the new rules will put an end to “small print” privacy policies and that information should be given in clear and plain language before any data is collected.
- Clear limits on the use of profiling – there will be new limits where automated processing of personal data is used to “analyse or predict a person’s performance at work, economic situation, location, health, preferences, reliability or behaviour”, including creditworthiness. Under the new regulation, profiling would generally only be allowed with the consent of the person concerned, where permitted by law or when needed to pursue a contract and requires human intervention. MEPs have also insisted that profiling should not lead to discrimination or be based solely on sensitive data, such as ethnic origin, political opinions, religion or sexual orientation.
- One law for the whole continent – one of the biggest attractions is that Europe will now be covered by one law, applied in the same way everywhere, instead of a patchwork of national ones dating back to when the internet was in its infancy. Savings from dealing with one pan-European law rather than 28 are estimated at €2.3bn per year.
- A regulatory one-stop shop – businesses will only have to deal with one regulatory body rather than 28, making it simpler and cheaper for companies to do business in the EU.
- The new rules promote techniques such as anonymisation (removing personally identifiable information where it is not needed), pseudonymisation (replacing personally identifiable material with artificial identifiers), and encryption (encoding messages so only those authorised can read it) to protect personal data.
In India, we are just beginning to shape the way data is shared, with more discussion on what Indian legislation can look like.
2. What does Open Banking mean for banks? Chris Skinner in his blog gives a hint of the global dynamics:
We are hearing a lot about banks talking partnership and co-creation, but we haven’t seen much of that happening so far. There may be a lot more in the future, but true partnering between FinTechs and banks is few and far between today. In fact, it appears that most banks are a bit confused about what’s going on. Half of the major banks weren’t ready for Open Banking in time, and many are asking where’s the business case for doing Open Banking, especially if it demands high risk and costly investments in systems upgrades and replacements.
In summary, most of the attendees at my dinner felt there are a lot of things changing around the banks, but little changing in the banks themselves. They believe Open Banking and Open APIs will change banks, but it will be nibbling around the edges of the system and that, by 2025, the big banks will be leaner, faster and cooler, but they will still be the big banks.
This is a bit of a dampener for those in India who are optimistic about fintech taking the baton from banks and leading the spread of financial inclusion. Of course, there is the possibility that India could lead the world by showing a totally different pattern of partnership and dynamism.