Nick Caley is Vice President – Financial Services and Regulatory at ForgeRock and frequently shares his views on Data Protection, GDPR and Open Banking.
What do data businesses and banks have in common?
As the impact of the Cambridge Analytica revelations continues to grow, Facebook promises major policy overhauls to address unsavoury data-handling practices, that finally have consumers waking up to realities and risks of online data sharing.
The high level of public attention suggests that the digital economy will feel the long-term effects of these data scandals. A change in consumers’ data-sharing behaviour can be expected. At a time when the UK banking sector is seeking to open up and encourage data sharing as part of the Open Banking initiative, this puts considerable pressure on banks and fintechs to make their data sharing practices more transparent.
As consumers become more cautious about how and where their data is being used, UK banks need to prepare for their data management capabilities to be put under extra scrutiny. Even if banks are already in the process of preparing for the EU General Data Protection Regulation (GDPR) which is coming into effect in next month, they need to be extra vigilant when it comes to handling customer data responsibly. The initial flurry of headlines around the Cambridge Analytica scandal might be over, but media and consumer attention for data protection and privacy practices certainly isn’t.
Of course, the issue of data sharing without consent was well known before the Facebook and Cambridge Analytica revelations put the data protection of companies so firmly on the media agenda: Research we commissioned before the sharing of Facebook user data was even made public, revealed that 57% of consumers in the UK are worried about how much personal data they have shared online. Furthermore, almost two thirds (63%) admitted that they know little or nothing about their rights regarding their own data.
Interestingly, over half (53%) of UK consumers said they would not be comfortable for their personal information to be shared with a third party under any circumstance, and only a third 36% would be happy to share data in order to get a more personalised service. In light of Open Banking, this presents a major challenge for wider adoption of data sharing, especially when the data is financial.
At the same time, banks have a considerable advantage over more agile, customer-centric companies such as fintechs: the banks already enjoy a high level of consumer trust and can use this trust as an asset.
The same consumer research revealed that UK consumers consider banks and credit card providers among the most trusted holders of personal data with 82% of UK consumers saying that they trusted banks and credit card companies to store and use their personal data responsibly. In comparison, only 63% of Britons say that they trust social networks to treat personal data in a responsible manner.
The significant difference between banks and digitally native companies is that banks have longstanding customer relationships and a track record of storing and managing consumer data safely.This is great news for the banking sector as it prepares for a new wave of competition from fintechs and challenger banks once Open Banking is fully taking effect. When it comes to securing access to customer data via APIs, banks already have years of expertise to show for themselves with well-defined security operations and experienced teams in place who are utilising the latest security technologies combined with established standards.
In addition to having a history of securing customer data, our research found that there is a correlation between how much control consumers feel they have over the personal information they share and how much they trust the companies they share it with. In our survey, banks and credit card companies were ranked among the organisations that gave users most control over their data: 58% of consumers agreed, ranking banks and credit card companies just behind Amazon (60%), and before mobile phone operators (51%).
This is interesting because it shows that investing in systems and processes that enable users to take control of their own data pays off. This is particularly true at a time when data controls and privacy policies are under scrutiny and receive more attention from consumersthan ever before.
For banks, and in fact any company handling consumers’ personal data, making consumer consent a central part of their strategy has never been more important. Together, the regulatory changes of GDPR and Open Banking and the public pressure of the Cambridge Analytica revelations demand a new and more consumer-centric approach to data sharing and management.
By putting consumers in control over how and under what circumstances their information is shared, implementing dynamic consent and taking transparency seriously, organisations will be able to grow consumer trust and build positive long-term relationships with their customers. This will in turn allow them to offer additional services, based on personalisation, and explore new revenue streams.
For banks, there is a real opportunity to make the most of the unique situation they find themselves in: by building on their existing consumer relationships and putting customers firmly in control of their own data to become the leaders of an era of truly personalised digital services.