The European Banking Authority (EBA) has published a discussion paper on innovative uses of consumer data by financial institutions.
The discussion paper identifies the risks and potential benefits of innovative uses of data to consumers, financial institutions, and financial integrity more widely. For the purposes of this assessment, the use of consumer data encompasses the collection, processing and storage of data, including aggregation tools and other data processing technologies. Potential benefits identified by the EBA include cost reductions, improved product quality, and new sources of revenue for financial institutions, whereas the risks identified consist of information asymmetries, the misuse of data, data security, as well as reputational risks for financial institutions.
Whilst general provisions apply to financial institutions on secrecy and conduct and on data protection that impose restrictions on the use of consumer data, only few requirements presently exist in EU legislation specific to the financial sector that address the use of consumer data by financial institutions. The purpose of the Discussion Paper is to help the EBA make an informed decision on which, if any, regulatory and/or supervisory actions are needed to ensure that the regulatory framework mitigates the risks while also allowing market participants to harness the benefits from the innovation.
When discussing legislative frameworks applicable to data protection the EBA notes that financial institutions are already bound by an existing body of law in the areas of consumer protection, personal data protection, electronic commerce and advertising/sales promotions. This includes, inter alia, the Data Protection Regulation, the Directive on Electronic Communications and Privacy, the Unfair Commercial Practices Directive, the E-Commerce Directive, the Directive on Unfair Contract Terms, and the Directive on Distance Marketing of Financial Services. Sector specific financial services-specific legislation, such as the Payment Services Directive, the Consumer Credit Directive, the Mortgage Credit Directive, and the Payment Accounts Directive, also touch upon the collection and processing of consumer data for marketing and sales purposes.
The deadline for comments on the discussion paper is 4 August 2016.