GDPR, PSD2 & ePrivacy: New Regulations Will Drive Financial Services Innovation
Few people associate regulation with innovation. For some, its seen as a necessary evil to protect consumer rights and fight fraud. For others, it’s a straitjacket that can reduce operational agility. Much has been said about the opportunity to enhance the customer experience by strengthening individual data rights under the General Data Protection Regulation. However, the GDPR is not the only data regulation driving innovation in Europe: the PSD2 & the ePrivacy Regulation are also prompting financial institutions to consider how to turn regulation into an innovation opportunity.
Fuelling the digital revolution
The first is the Payments Services Directive II (PSD2). PSD2 will fuel the digital revolution, catalysing new third-party services that will enable the increasingly important sharing economy.
But there’s another, more subtle effect of the Directive that will prove equally important. The Account Information Service Providers (AISPs) introduced under the PSD2 will enable consumers to view their multiple bank details in a single portal. This move will empower consumers by unifying their financial services and the related data.
Consumer empowerment also lies behind the proposed ePrivacy Regulation. If enacted (estimated to be in late 2018), the Regulation will align the rules for electronic communications with the new EU General Data Protection Regulation (GDPR). GDPR requires all businesses handling EU customers data (regardless of where they’re based) to demonstrate accountability and transparency in customer data use. It also imposes more stringent consent requirements from the data subject before sharing or processing their data.
The ePrivacy Regulation builds on GDPR by extending consent to the processing of customers’ communications data and metadata. This new consent-centred approach promises to unlock the value of customer data for businesses by enabling a richer sharing economy, with customer transparency and control.
The sharing economy evolves
With the emergence of the sharing economy and our growing reliance on online services, data is more valuable than ever. But the current model doesn’t capitalise fully on that value.
Today, a customer gives a business their details in exchange for a service; but this data often just sits on the service provider’s infrastructure where it provides little or no value.
Significantly, PSD2 and the ePrivacy Regulation are leading to a new model for data processing; one fit for the sharing economy. Here, a consumer stores their data in a secure, dedicated app provided by the AISPs and third-party companies that PSD2 will help proliferate. The consumer then chooses which organisations have access to the app – thereby providing the consent that will be demanded by GDPR and the ePrivacy Regulation.
This is a consumer-centric approach to data rights management that’s fit for the digital age.
As customers, we will be empowered to control our data and share it on a quid pro quo basis – I might, for example, agree to share my personal data in return for a better mortgage rate.
Firms, meanwhile, will need to work harder to keep their access rights to consumers’ up-to-date information; but they will benefit from the creation of new revenue streams – selling customer data to third parties for example, where consent has been given to do so.
PSD2 will see a flourishing of new customer-centric financial services that will further transform the industry. This innovation will be guided by a new imperative of informed consent that GDPR and the ePrivacy Regulation will enshrine.
Firms that can evolve to provide customers with the tools they need to view and manage their own data will have a huge competitive advantage. They can win customer trust while putting their data to profitable use by personalizing services, driving customer loyalty and increasing revenues.
Our message is therefore clear: don’t fear regulation, use it to find new opportunities.