Consumer financial information under the spotlight in Brussels. All the details
The European Commission has presented a proposal to regulate the access, sharing and use of data in financial services (FIDA).
Following a horizontal approach that has been in use for some time, the proposed regulation is also relevant for supplementary pension operators given that the categories of data considered also include pension rights accrued in IORPs and PEPPs.
IORPs (together with PEPP providers) are also among the entities that act as data controllers or users.
Customer data includes personal data (as defined by the GDPR) and non-personal data collected, stored and processed by the financial institution as part of its commercial activity with customers; they include both the data provided by the customer and that generated by the interaction between them and the financial entity.
The regulation provides that, upon request of the customer, the data owner makes his data available to the user exclusively for the purposes for which the authorization was granted.
The sharing of such data may involve the payment of a fee to the owner but this information must be made available as part of the financial data sharing systems being established.
When making the data available, the owner must ensure that the users receiving the information have actually received authorization from the customers and to this end must make available to the latter a control panel for monitoring the authorizations granted, for the revocation/ restoration of these permissions.
In order for this panel to be as updated as possible, the proposed regulation requires close collaboration between owners and users.
The proposed regulation requires that data holders and users join one or more financial data sharing systems within 18 months of entry into force.
The regulation also provides some general principles for the governance of such data sharing platforms.
Data owners and users are expected to enjoy equal and fair representation in internal decision-making processes and equal weight in voting procedures.
Access to the platforms is open to new potential members on the basis of objective and non-discriminatory criteria.
Each system will then have to define the rules and interfaces for data sharing.
Lastly, it is up to each financial data sharing system to define the maximum compensation that the data owner can request for making the information available for the benefit of users.
This remuneration must be based on a principle of reasonableness and must be defined with an objective, transparent and non-discriminatory methodology towards certain participants in the system.
Furthermore, it must be reviewed periodically, in light of any technological developments that may occur.
In principle, the methodology should aim to minimize this compensation, favoring the formation of an efficient market.
Participation in a Financial Data Sharing System will trigger an obligation to communicate to the competent authority of the country in which the infrastructure is established.
Lastly, the proposed regulation establishes a new figure of data user who is represented by financial information service providers.
This is a new type of data user for whom, in order to guarantee a high level of security and reliability of his modus operandi and internal systems, the proposal sets a series of limits, including the fact that operations are subject to to the granting of authorization by the competent national authorities and establishes some organizational requirements.
read also With Ukraine collapsing, US attention shifts to Moldova