This article originally appeared on AmericanBanker.com
President Trump this month signed into law a measure that overturned an Obama-era internet privacy regulation. The previously adopted rules, which had yet to take effect, would have required telecommunications companies to obtain user consent before collecting personal information on consumers’ online activities.
With the overturning of this regulation, internet service providers will now be the de facto controller of data privacy standards for fintech businesses and consumers. In the past, the internet giants of the world like Facebook, Google and Amazon typically set industry standards and best practices on privacy that were later adopted by many in the fintech industry. Then, consumers were able to choose the platforms that best adhered to their privacy preferences. For example, they could refrain from using platforms like Facebook and could turn off cookies to avoid being tracked by services like Google. But under this new system, that choice is somewhat irrelevant. Consumers wanting to access the internet cannot choose to stop using their ISP.
Far from providing equal market opportunities, the Trump administration’s attitude toward data privacy regulations serves only a discrete group of large U.S. corporations by giving them total control over private consumer information for advertising purposes.
On a global level, repealing the Obama-era law will also have a disparate impact on American disruptors in the fintech and banking industry — companies that already face a fragile environment for facilitating international trade and innovation. Weakening privacy rules sends a clear signal to the world that the current administration does not respect the privacy of its citizens. In general, the U.S. government has indicated that it will not regulate the activities of U.S. corporations when it comes to consumers’ rights to privacy. This is a marked difference from the direction that most other governments are taking, especially in Europe and Asia, where the dramatic expansion of internet users is accompanied by a growing number of regulatory frameworks and rules.
Not holding the U.S. to the same global privacy standards as many of our trading partners will do more than just undermine trust in American fintech companies. It will also hinder cross-border data sharing and, as a result, stifle global innovation for financial institutions that rely on safe international data exchange. Indeed, repealing the regulation incentivizes organizations across the world to work with non-U.S. businesses that are more heavily regulated by their national governments, and therefore, are more likely to safeguard the privacy of customer information and their right to choose how their data is being shared.
In this era of infinite data creation, it is more important than ever for the U.S. to demonstrate a robust and consistent approach to data privacy. The regulatory debate needs to redirect its focus on giving consumers greater control over the use of their personal information and creating a more trustworthy environment. Three concepts are fundamental to achieving this goal.
First, consumers should be able to provide consent for the use of their data for decisions that directly concern them, such as consideration of a loan application. One idea is to require financial institutions not only to explain to consumers how their data is used to evaluate creditworthiness but also to get their permission to use such data via end-user license agreements.
Second, financial organizations should be discouraged from storing customer data that they do not need. Technology solutions have made it much easier nowadays to access customer information only when required or at the point of decision-making, so companies should refrain from keeping unnecessary personal data on file.
Third, financial players should do whatever they can to protect their users’ data. Simple features, such as requiring users to authenticate by logging on to more than one device, can help add additional layers of protection to avoid harmful hacking incidents. Third-party vendors and contractors must also be held to the same standards as their fintech clients to eliminate unintentional weak spots, such as those demonstrated in Scottrade Bank’s latest data breach episode.
Regardless of the administration’s stance on regulating internet privacy, fintech companies should independently remain committed to the highest data privacy standards and continue to strive to meet global best practices. The industry has a lot to gain from maintaining a reliable and safe ecosystem for cross-border data sharing.
As privacy issues persist, consumers will also become increasingly invested in protecting their personal data. They will favor working with fintech groups that treat them as the owners of their information and not the reverse.
By Stefanie Schmidt, General Counsel & Chief of Staff, DemystData