Information Commissioner's Office
Blog: The benefits of sharing personal data – what can we learn from Open Banking?
The ICO’s Regulators’ Business Innovation Privacy Hub has recently been looking at the key data protection considerations for innovators who are working in the Open Banking space.
Whilst the idea of mass data sharing is usually enough to send a shiver down any data protection practitioner’s spine, the rollout of Open Banking demonstrates the clear benefits it can bring both to consumers and organisations, while still complying with data protection law.
Open Banking was instigated by the Competition and Markets Authority (CMA), which was keen to increase innovation and competition within the banking sector.
Since its launch two years ago, Open Banking requires the UK’s nine largest banks to give customers better control of their data. If people give permission, the banks are obliged to share their data with third party services.
If you’ve ever used an app which scrapes money into a savings ‘pot’, or, a price comparison website, you’ll already have an idea of the concept. The technology which sits behind all of these services – Application Programming Interfaces (APIs) – has the potential to provide a level of security and individual control that other sectors are now seeking to harness.
This data sharing in the financial sector has created a culture of organisations working together to create competition and not just be in competition. Everybody benefits - consumers, developers, and the wider financial sector.
If you’re a business or individual who wants to participate in this developing ecosystem, here are our top three considerations for anyone starting out:
- GDPR must be your guide
While other pieces of legislation may come into play, you’ll still have to comply with data protection law. Build in data protection from the very beginning, and put individual rights under the GDPR front and centre. If you don’t, you run the risk of a costly rebuild – or an even more costly infringement.
- Design with the user in mind
Your customer expects you to come up with a system that is straightforward, secure, and effective in achieving their goals. If they can’t understand it or don’t trust it, they won’t use it. Think carefully about the customer journey – how will you tell them what’s happening? How will you give them control?
- Work together
It’s important that you collaborate and work with other organisations in your sector from the beginning. The whole point of the Open Banking Initiative is in the name - open APIs, open standards and open thinking – so don’t be afraid to share your ideas. Get talking with others in your sector hoping to achieve similar goals, attend conferences, ask questions, and become a part of the wider scheme. Regulators are part of those discussions too, so you can find out about your legal obligations while discussing that new use case or technological solution.
The API specifications used in Open Banking are all freely available and have the potential to provide a level of security and individual control, as do the security protocols, operational guidelines and thinking around customer experience. This means you don’t have to reinvent the wheel when it comes to data sharing.
We’re here to give data protection advice to eligible businesses wanting to innovate, or regulators seeking to support the sectors they oversee. Please get in touch by emailing firstname.lastname@example.org.
Latest News from
Information Commissioner's Office
ICO statement in response to an announcement made by the Metropolitan Police Service on the use of live facial recognition24/01/2020 15:15:00
In October 2019 we concluded our investigation into how police use live facial recognition technology (LFR) in public places.
ICO's blog on its information rights work23/01/2020 16:10:00
Colleagues from the ICO’s access to information and compliance department share their experiences and involvement in raising awareness of our regulation of access to information legislation.
ICO publishes Code of Practice to protect children’s privacy online22/01/2020 16:33:00
The Information Commissioner’s Office yesterday published its final Age Appropriate Design Code – a set of 15 standards that online services should meet to protect children’s privacy.
Blog: Adtech - the reform of real time bidding has started and will continue17/01/2020 16:25:00
A blog by Simon McDougall, ICO Executive Director of Technology and Innovation
National retailer fined half a million pounds for failing to secure information of at least 14 million people10/01/2020 13:25:00
The Information Commissioner’s Office (ICO) has fined DSG Retail Limited (DSG) £500,000 after a ‘point of sale’ computer system was compromised as a result of a cyber-attack, affecting at least 14 million people.
ICO launches consultation on draft direct marketing code of practice09/01/2020 09:10:00
The Information Commissioner's Office (ICO) has launched a public consultation on a draft direct marketing code of practice.
Trust, technology and slippers with torches02/01/2020 14:10:00
Jonathan Bamford holds up a tatty bundle of papers. They’re scrumpled, time worn, ripped and held together with yellowing Sellotape, but with the Royal coat of arms crown still proudly visible on the cover.
Statement on ICO-approved certification schemes23/12/2019 12:10:00
The ICO has announced it will be working with UK Accreditation Service (UKAS) to deliver the ICO-approved certification schemes.