EBF advisor: Noémie Papp
Publication date: 26 April 2017
A number of challenges though, remain, arising from the misuse of data, information asymmetries and data security. Such concerns are taken seriously by the banking industry, as trust and integrity are its biggest assets. Confidence in banks as trusted parties is essential for their reputation and business model, a fact which adds to the effort and investments put into maintaining and improving setups, guaranteeing the safety of customer data.
The benefits of digitalisation can only be reaped if each and every stakeholder follows the same rules, and if the financial services’ industry can apply data-based innovation in a clear regulatory environment that is the same for all players.
The importance of having an appropriate competitive environment with a level playing field for all the different players should be the main reason for ensuring that not only banks have to comply with high standards in order to use personal data.
This level playing field needs to be achieved both:
– within the EU between different types of firms, e.g. banks and non-banks; and
– between EU and non-EU firms.
Stricter European rules should not inhibit EU firms’ ability to innovate, to operate dynamically, to use innovative data services and to direct services to targeted market segments if their competitors from outside the EU can serve European customers without similar restrictions.
If we agree that data is the most valuable asset in the digital world, helping European players to deploy the highest capabilities in data is essential in order to guarantee their competitiveness. The success of the Digital Single Market inevitably depends on it. As a result, any regulatory development in the field of data should guarantee that players be allowed to extract value from the work they perform with data, while preserving data protection and the privacy rights for consumers.
Further consideration should also be given to enhancing the cooperation between the competent authorities regarding cybersecurity, data sharing, or to ensuring further legal certainty in the interpretation of the General Data Protection Regulation (GDPR).
It is our understanding that only non-personal data is considered in the current European Commission’s consultation on “building a European data economy”. In our view the issue of data should be considered as a whole (personal and non-personal) by the European Commission in the Digital Single Market Strategy (without challenging the fact that nonpersonal data is outside of the scope of the GDPR).
The paper focuses on the following issues:
1. LOCALISATION OF DATA FOR STORAGE AND/OR PROCESSING PURPOSES
2. ACCESS TO AND RE-USE OF NON-PERSONAL DATA
3. LIABILITY FOR PRODUCTS AND SERVICES COMING OUT OF INTERNET OF THINGS (IOT) TECHNOLOGIES AND AUTONOMOUS SYSTEMS
4. PORTABILITY OF NON-PERSONAL DATA, INTEROPERABILITY AND STANDARDS