Balancing Data Privacy and Personalization in the Open Banking Era

Summary: Open banking uses personal data to provide clients with hyper-targeted and customized services. But finding the right balance between personalization and data privacy is an ongoing challenge for financial institutions. Learn more about open banking, and how banks and third-party providers are using technology to navigate the future of fintech.

Technology has fundamentally shifted the way customers interact with companies and products. The digital transformation has given rise to a level of customization and convenience that was once only accessible to a privileged few. Products and services tailored to exact needs, interests, and income level have become increasingly common. However, this kind of convenience comes with a price. It runs on personal data – lots of it.

The financial sector, once a closed book in terms of customer data, has embraced the open banking era to offer personalized products, services, and experiences. This can be both a benefit and a burden as financial institutions perform a delicate balancing act between preserving data privacy and providing the level of customized service customers have increasingly come to expect.

The risks can be great, but so can the rewards. According to a McKinsey report, open banking could provide an economic boost of about 1 to 1.5% of GDP in the United States, European Union, and United Kingdom by 2030.

Read on to explore the open banking era and learn how financial institutions can use document processing technology to successfully navigate the future of fintech.

Let’s cover the fundamentals first. Open banking, also known as open finance, is a practice that uses APIs (Application Programming Interfaces) to provide third-party financial service providers open access to customer banking, transaction, and other financial data. This data can come from both banks and non-bank financial institutions, and is commonly used by fintech startups and other online financial service providers.

Here are some common data points collected through open banking practices:

Instead of personal data remaining siloed in the depths of separate bank systems, customers can consent to share their personal data with a network of different third-party providers, typically fintech companies or apps. For customers, there are a number of benefits associated with sharing data this way:

Financial institutions can benefit from open banking, too. An influx of data about current and prospective customers means financial institutions can both offer hyper-targeted products and gain valuable lead generation information. Open banking can also help reduce operational costs by digitizing data that’s currently stored in physical documents, intelligently extracting data from documents like PDFs, and connecting disparate sources of information, which enables more automated workflows.

The problem with sharing data more openly is that it can sometimes fall into the wrong hands. Since data is shared with third-party fintech companies and apps, open banking practices come with more potential points of entry for unauthorized access to personal information. Customers are able to choose how much they want to share, but ultimately, the responsibility of protecting that data falls to financial institutions.

The costs of getting it wrong can be astronomical. Equifax learned this during their 2017 data breach. A vulnerability in their open-source development network and failure to renew an encryption certificate resulted in the exposure of 147 million people’s private information and up to US$700 million in fines. The damage to customer trust was also severe.

Data breaches can not only be caused by system vulnerabilities, but by people who look to exploit or create vulnerabilities. Phishing, skimming, and card-related fraud are just a few of the methods used to target financial data. And the list keeps growing as technology continues to advance.

On the surface, data privacy laws like the EU’s General Data Protection Regulation (GDPR), Brazil’s General Data Protection Law, and Japan’s Act on the Protection of Personal Information seem to conflict with the core idea of open banking. These laws strictly govern the way personal data is collected, stored, and used, so it’s natural to assume they’d be inherently incompatible with open banking. This isn’t strictly true – it is possible to be compliant and engage in open banking. However, as with many confluences of innovation and legislation, there's some debate on how the established laws can accommodate new concepts and ideas.

For example, the GDPR’s minimization principle requires that the collection of personal data be limited to what is directly relevant and necessary to carry out a specific purpose. But there’s room for confusion when it comes to interpreting that guidance for open banking purposes.

Various regulatory bodies, trade associations representing financial institutions, and other interested parties are taking part in ongoing conversations to clarify and codify exactly how data privacy legislation and open banking can evolve together. While those details are being sorted out, though, the safest course of action is to follow the established laws of the land and remain compliant.

One of the hallmarks of open banking is that customers now have all the power over their data. They are the ones who choose to share it – or not. This is a fundamental shift from when banks treated clients’ personal info more like a closely guarded secret.

Empowering customers to share their own data and gain the benefits of open banking comes with a few requirements for banks and the third-party providers. Both are responsible for providing top-notch security measures to protect client data and following stringent compliance legislation (like GDPR) based on location.

Financial institutions must also get explicit customer consent to share data, and be completely transparent with communication, so clients know the exact extent of the data banks and third-party providers are holding and sharing.

To put it simply, the data channels are open for business, but extensive security and compliance measures must be taken to protect both customers and the financial institutions themselves.

Learn how Apryse Intelligent Document Processing enables fast data extraction while maintaining compliance. Read the blog post.

Given the complexities surrounding open banking, here are a few things to keep in mind when it comes to securely balancing privacy, personalization, and compliance:

Want to learn more about secure document redaction? Check out our Ultimate Redaction Guide.

As we’ve explored in this blog post, data privacy is paramount to the success of open banking and continuing customer trust in the digital era. If you’d like to see our redaction capabilities in action, explore the demo today. For more information on how Apryse can help you keep customer documents secure, get in touch with our sales team.