When referring to the power of data, it is widely thought that data is the new oil. In fact, they do share some features: both need to be searched, extracted, refined, transported and eventually consumed; both have different qualities and prices depending on their intrinsic properties. When contemplating their differences, the first thing that comes to mind is that the maturity and the consolidation of the oil industry both far surpass those of the data industry.
Given that from oil we get many tangible products, such as plastics and fuel for our cars (without mentioning the wars and their death tolls), we have been taught to associate oil with something of incredible value. Instead, customer data is very much linked to recent phenomenons like the digital economy, the Internet and the way people use it; therefore it seems that some individuals, companies, policymakers, and societies are yet to understand its market dynamics (also due to a certain degree of market opacity and the lack of regulation).
One way to look at the monetary value of customer data is through the analysis of the specific multiples of recent acquisitions in the tech industry. For instance, according to SEC filings, in 2014 Facebook paid approximately 31 dollars per Whatsapp user when it bought the company (19 billion dollars for 600 million active users) and similar prices for Instagram. However, we should not forget that there are many types of customer data and that the level of detail and quality inevitably and exponentially impacts the overall price. Indeed, social media data is different from financial transaction data (the one of an individual’s credit card for instance) because the latter represents customers’ actual decisions. Spending money requires a lot of thinking and what you buy or where you spend can offer a great deal of information about you.
Banks are among the few lucky ones who have direct access to these high-quality raw data fields, but it is thought that they are not successfully leveraging this competitive advantage. After September 14th 2019, with the aim of fostering transparency and competition, the Payment Service Directive 2 (PSD2) will ensure that European third parties have a level playing field for offering information and payment services at least at parity with banks. Third Party Providers include fintech and retail businesses, telecommunications providers, payment services and financial account aggregators.
According to the report “FinTech and market structure in financial services: market developments and potential financial stability implications” published in February 2019 by the Financial Stability Board (FSB), banks are not ready to cope with this new wave of competition emanating from technology companies. This could translate into an uneasy situation for banks and could possibly compromise the security and stability of the whole financial system. In their defence, banks rebut that the PSD2 affects them in stricter ways than other data regulations and laws affect Big Techs and other traditional industries (Big Techs are often referred to since they are expected to enter the financial services industry and ultimately, eat the banking industry’s lunch).
If PSD2 has helped banks bring the problem to the surface, namely the emergence of new actors in the banking and financial services industries; it is also true that PSD2 is part of the solution as it is encouraging banks to rethink their business models and to invest in new technological infrastructure, operations, and more importantly, business culture. In particular, the PSD2 Regulatory Technical Standards (RTS) silently stimulate banks to build new cloud-based, API-first (and possibly open source) technology middle layers. This allows them to interact with TPP while using firewalls to encapsulate the old core banking systems, which are good for storing and protecting confidential data but were not made for dealing with today’s data economy. It is universally accepted that the more banks, their shareholders and partners experiment with and understand APIs, the more competitive the banks will be.
In fact, specific metadata APIs can help banks enrich transaction, payment and account data with metadata including geolocations, comments, pictures, tags to categorise transactions, and the possibility to link data to other sources of open data (Open Corporates ID, etc). Eventually, enriched transaction data will translate into an improved analytical capacity for the bank and greater partnership strength in its ecosystem. Thanks to this and other sets of APIs, the bank will be able to surface and combine transactional data from customer accounts and reveal them via “Views”, which can be tailored to provide exactly the minimum level of detail required by each TPP depending on the “View Permissions” previously set by their customers. For instance, a business account might provide auditors with full read-only access whilst co-workers might only see the account balance, and a supplier might only be able to check whether funds are available or not.
It seems that data mining and data privacy are not unconnected, but rather two faces of the same coin, indeed like credit and debt. A specific banking API management solution could allow banks to become the most reliable option for protecting customer data as they have been caring for their savings since the XIV century, supporting economic growth while preserving customer privacy. Banks will simply need to learn how to use data as their new competitors are already doing, without forgetting that bank customers rely on banks because of their relationship built on trust and security.
There are surely many fundamental open questions about data privacy, its governance and whether or not to give property rights to personal data. Today neither economists nor public opinion have straight answers to these questions, but regulators and international organisations should look back at history not to make the same mistakes: we should definitely avoid building data oligarchies; we must, beyond any doubt, avoid fighting wars for data control; we should attempt, to the best of our abilities, to prevent a global data crisis. Certainly, we should aim for a system that will favor neither corporations nor consumers, but that will finally see harmony between the two.