European Data Strategy

The European Data Strategy, which goes beyond the Digital Finance Strategy, also aims to promote the free movement of data within the EU. The Commission is pursuing this goal by creating a pan-European single market for data in nine business areas, where data can move freely between countries and sectors. The business areas outlined in the project are Industrial & Manufacturing, Green Deal, Mobility, Health, Finance, Energy, Agriculture, Public Administration and Skills.

Much of the EU’s data-related objectives relate to opening up customer data to third parties in real time. The Commission will facilitate access to customer data and public supervisory reporting data, for example by promoting the use of common regulatory technical standards. This would facilitate more efficient processing of publicly accessible data, for example to support more efficient capital markets and sustainable finance in the EU.

Evolving data protection

From an individual customer’s perspective, Open Finance could mean opening up almost all of the customer’s financial data to third parties. Valuable customer data could include information on the amount and types of credit, savings and investments as well as insurance and pensions. There are many business opportunities in utilising and enriching economic data.

From a regulatory perspective, however, the wider financial data business is not without problems. Financial information is often linked to an individual consumer and is therefore personal data. The possibilities for processing data containing personal data are generally limited. Making personal data from many other industries available to financial actors is in principle easier than making financial data containing personal data available to other industries. Moreover, in some situations, it is easier for a financial sector operator to disclose information to another financial sector operator than to a non-financial sector operator.

To make the most efficient and innovative use of data, data must also move across industry boundaries. Open Finance must, therefore, be promoted from a data protection perspective, taking into account also the other rights and freedoms of consumers.

What can be learned from PSD2?

The business potential of PSD2 has yet to be fully utilised. There are also still questions of the interpretation of the regulation. One of the issues raised is that instead of providing an actual account information service, the customer’s account information is used more for value-added services, where the customer’s account information is actually provided to a third party for enrichment, for example for credit assessment purposes. The relationship between PSD2 and the data protection regulation also requires continuous interpretation, as PSD2 and the General Data Protection Regulation (GDPR) were not aligned at the legislative stage.

Lessons learned from the preparation of PSD2 and Open Banking should be taken into account in Open Finance plans. Effective regulation requires careful preparation and impact assessment, but also that all actors have sufficient time to prepare for regulatory changes. The goal should be to improve the existing foundations of Open Banking. Regulating the wider sharing of data across business lines is one new step towards open financial services – and a data-driven world.