Committee MEPs want to enhance customers’ control over their financial data

Economic and monetary affairs MEPs propose new, innovation friendly rules allowing customers to keep their financial data safe and efficiently use them to get a better financial service.

On Thursday, MEPs adopted their proposal for a harmonised framework for access to financial data at the EU level, with 43 votes to 1 and 5 abstentions.

The framework would be established for the access of customer data processed by financial institutions across the financial sector beyond payment account data. Based on owner’s permission, their data (including holdings of savings and investments in financial instruments and insurance-based investment products as well as data collected for the purposes of carrying out a suitability and appropriateness assessment) would be made available in order to develop and provide tailor-made and data-driven financial products and services.

For smaller companies the access to data would be useful when attracting new customers, lowering costs and barriers of entry thus increasing competition and innovation for financial products and services.

Customer control over their data

Customers would decide how and by whom their financial data is used. The access should be based on customers’ explicit permission and data users would have to specify what they intend to make with them. The data could not be transferred to a third-party without permission. Moreover a consent could be withdrawn at any time and free of charge.

Financial data access scheme members, including data holders and data users, should therefore be required to agree on the contractual liability for potential data breaches, which foresees customer compensation in case data was misused, for instance if data was to be transferred to a third-party without the customer’s explicit permission.

Processing of personal data in the context of the new rules should be carried out in accordance with the exiting EU legislation.

Excluded data

Data related to sickness and health cover would be excluded from the scope, as well as confidential business data and undisclosed know-how. MEPs also decided that the large digital platforms designated as Gatekeepers pursuant to the Digital Markets Act should not be eligible to become financial information service providers (currently designated gatekeepers are Alphabet, Amazon, Apple, ByteDance, Meta and Microsoft). These are platforms whose dominant online position makes it virtually impossible for business to reach end users if not through their gateways, and their exclusion aims to ensure that they could not circumvent the rules in case they owned or control data users

Data access

MEPs proposed the data access by way of high-quality technical interfaces, they also agreed that data holders and data users should be allowed to use existing market standards and infrastructures for technical interfaces like application programming interfaces when developing common standards for mandatory data access. Data holders should be able to request reasonable compensation from data users for costs incurred in providing access and those related to putting in place and maintaining application programming interfaces.

The European Banking Authority (EBA) should establish a register of authorised financial information service providers, as well as financial data access schemes agreed between data holders and data users. Finally, MEPs want to give 12 more months to small firms to apply the rules, to ensure their proportional involvement.

Quote

Michiel Hoogeveen (ECR, NL) the lead MEP said: “In an ever more digitalized world, it is important that consumers and firms have more efficient control access over their financial data beyond payments. With Open Finance, they will be able to benefit from financial products and services that are better tailored to their needs”.

Next steps

The file will be followed up by the new Parliament after the 6-9 June European elections.