A fit-for-purpose EU data sharing environment requires a balance between enabling access and use of data, while at the same time, preserving privacy. Customer interaction with financial data is a key area experiencing important shifts, especially as new regulations are coming into play.
The EU’s Financial Data Access (FIDA) proposal is designed to protect personal financial data and ensure privacy, while putting customers in control of their data. While FIDA is still being developed, it’s already shaping up to be a game-changer in how financial information is shared and managed. The regulation does it right by pitting privacy and data protection at the forefront.
Let’s dive into the core ideas behind the FIDA proposal and how it aims to balance consumer privacy with the growing demand for better, more personalized financial services.
FIDA is built on the principle that customers should have full control over when and how their financial data is shared. Financial data can only be shared with the permission and initiation of the customer. According to the FIDA proposal, data holders would be legally required to share customer data once the customer requests it to be shared with another data user. When personal data is processed, the data user will have to ensure a valid lawful basis for processing in compliance with the GDPR.
Once the customer has given consent to share their financial data, the FIDA regulation would ensure that the customer understands exactly how it will be used. Data users are required to provide clear information about why they need data and how they’ll use it prior to giving consent.
This approach gives customers more control over the flow of their data, fosters trust and helps ensure that data sharing is a customer-initiated process. This is an important shift from the past, where customers may not always have been fully aware of how their data was being used or shared.
FIDA also imposes strict limits on how financial data can be used by data users. Once the customer shares their data with a data user, they can only use it for the specific purpose you’ve agreed to. As explicitly stated in the FIDA proposal, the data user can only access customer data made available for the purposes and under the conditions for which the customer has granted its permission. The data user should delete customer data when it is no longer necessary for the purposes for which the permission has been granted by a customer.
These clear boundaries help protect against misuse and ensure that data isn’t exploited in ways it is not authorized. It’s an important safeguard in an era when data privacy is a growing concern for customers.
One of the key features of the FIDA regulation would be the ability for customers to easily view and revoke permissions if they choose to do so. To facilitate this, FIDA introduces the permission dashboards. This is a key tool that gives customers an easy way to see and manage the data they’ve shared. Through these dashboards, it is possible to quickly review who has access to data, what they have access to, and for what purpose. If the customer decides that they no longer want to share financial data with a particular service provider, they can withdraw your consent.
This flexibility gives customers peace of mind, knowing that they are not locked into agreements they are uncomfortable with. It’s a straightforward way to keep control over your personal data and track who has access to it at any time.
FIDA works in tandem with the Digital Operational Resilience Act (DORA), which sets strong cybersecurity standards for anyone accessing financial data. FIDA makes an explicit point that data users subject to FIDA must comply with the requirements of DORA, ensuring that they implement “strong cyber resilience standards” to carry out their activities effectively. DORA ensures that all financial institutions, insurers, and third-party service providers have the necessary security measures in place to protect your data, including encryption, secure access controls, and incident response protocols.
This added layer of security helps reduce the risks associated with data breaches, fraud, or unauthorized access.
While FIDA is still in the proposal stage, it has the potential to reshape how financial data is accessed and shared across Europe. By giving customers greater control over their data, requiring clear transparency from service providers, and establishing strong security measures, FIDA aims to create a safer, more consumer-friendly environment for financial data.
With privacy safeguards in place and better control over how data is shared, the regulation offers a way to provide more personalized financial services while ensuring that privacy remains a top priority. Empowering customers with control over their data and ensuring the protection of their data is exactly what we aim for at Insurely and what we consider to be the optimal open finance environment. That’s why we are excited about what FIDA brings for both customers and financial services. If you want to know more, don't hesitate to reach out.