Pietro Grandinetti, PhD, President and CTO, Pentadata, Inc.
getty
Not long ago, consumers were kept in the dark. They didn’t have visibility into who had access to their financial data, what was accessed or how it was used.
Today, our industry has made progress. While consumers aren’t crystal clear about what’s going on just yet, they have a better idea of what happens to their personal information once it’s collected.
But the best news is on the horizon: The future looks bright, with consumers soon to fully own their data access processes, understand what’s happening and reap the benefits of being in control of their own information.
On Oct. 5, 2021, the Financial Data Forum (FDF), a division of the Digital Commerce Alliance (a non-profit trade association promoting standardization and best practices for financial data transparency) held an online conference. I gave a presentation centered around the emerging concept of financial data portability.
The interactive session included senior representatives from the banking, fintech, merchant, card-issue, mobile wallet and card-linking industries with a vested interest in driving change. We explored the evolution of data portability and what’s happening to advance it.
This article summarizes the conversations that took place among FDF and DCA members that day.
How Change Is Possible
In a word: portability. Data portability lets consumers own their data and decide how it’s used. It’s a means for an individual to have the ability and the understanding to port (or move) data collected about them. They can choose to move their personal information between services, apps and/or IT environments to optimize transparency and best meet their needs, as opposed to the needs of third parties.
Consumers’ right to portability is being driven in large part by regulatory activity. Two recent legislative acts — one in the U.S. and the other in the EU — are paving the way for people’s ability to easily transfer their data as they choose:
• The California Consumer Privacy Act (CCPA)
• The General Data Protection Regulation (GDPR)
When comparing CCPA and GDPR, it’s apparent that both focus on the novel concept of portability. Portability requirements ensure that individuals can easily obtain, move, copy, transfer and reuse their personal data. For instance, the GDPR text reads that consumers have the right to receive data that is being collected about them by an organization and share that data with other organizations. Data must be delivered in a structured, commonly-used and machine-readable form. In other terms, as worded by the CCPA, it must be portable.
Consumers have the right to select what piece of data to share, and they can revoke access at any time. They can look at what data they want to grant access to and decide that they want to port that same data into another app instantly.
Imagine how powerful having that ability could be. For example, what if a consumer enrolled in an airport loyalty rewards program wanted to reap the same benefits from their preferred ride-sharing company? With a few clicks, they could make it happen — and start benefiting right away.
We aren’t there just yet. But a digital world where consumers can grant permission, revoke permission and port their own data with just a few clicks is in the making, thanks to the constant work and collaboration between portability players, as well as advocate organizations and end-user applications that care about their customers’ privacy.
The Portability Players
There are three types of players in the game: data sources, data recipients and the data portability platforms that provide a secure and robust link between the two.
• Data sources (i.e., financial institutions, data access networks) want to make sure consumers can port their data, but they don’t have the agility to support a lot of different use cases.
• Data recipients (i.e., consumer applications, mobile wallets), being consumer-experience focused, don’t have the energy to deal with all financial institutions.
• Data portability platforms are needed to bridge the gaps — providing the agility and energy to power consumers’ ability to easily transfer their data for their benefit.
Why It's Possible
Yes, data portability is attainable. The capability exists and will only get better with time. Consumers have demonstrated that they’re receptive, and the regulatory groundwork has been laid.
Complex systems work when every player follows the rules and is conscious of the fact that the highest reward comes when the entire system works in concert. A single participant can do its job, but it takes the village, so to speak, working in tandem to deliver benefits to all.
Much like in the Nash equilibrium, where each entity involved understands the strategies of the whole, big opportunities are created and huge payoffs are achieved by increasing consensus. Internal fights are counterproductive, and no party gains by changing only their approach. That’s the most important takeaway — one supported by the industry’s influential trade associations, the DCA and the FDF.
Lessons Learned
Developing the next-generation portability platform, as I know firsthand, must involve building a platform from inception to include the cornerstone ideas covered in this article: portability, CCPA and GDPR, putting the consumer in control and collaboration between players.
Our team has learned a few lessons along the way:
• Move fast, but don’t rush. The industry is evolving at an impressive pace. Organizations need to keep up to be successful. At the same time, it’s trust that forges long-term collaboration and adoption, and trust requires time. Aim for balance.
• Respect privacy through technology. Leverage cutting-edge technology that is made for the future. Make sure to partner with an organization that unequivocally ensures consumer privacy is never violated.
• When in doubt, let consumers choose. Products are fun to build, but if you develop them in a vacuum, you may miss a point where consumers would have preferred to take a different path. Don’t make assumptions: Ask those with the most at stake.
The key takeaway is simple: Consumers own their data and need the ability to determine who gets it. Now is the time to embrace this concept.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
Follow me on LinkedIn. Check out my website.