Response to the European Commission’s Consultation on Open Finance Framework and Data Sharing in the Financial Sector | Finance Watch

Response to the European Commission’s Consultation on Open Finance Framework and Data Sharing in the Financial Sector

05 July 2022

Consultation response

In its response to the European Commission’s targeted consultation on Open Finance framework and data sharing in the financial sector, Finance Watch emphasises that the creation of this framework must not compromise a high standard of data protection and privacy for the consumer and must be accompanied by clear rules on which specific data can be used for different use cases.

Finance Watch supports the creation of Open Finance tools that help citizens manage their personal finances and access relevant information about different financial services. However, it emphasises that these tools should not be maintained by financial services providers, but by public authorities.

It also recommends that financial services providers or intermediaries should only have access to data provided by an Open Finance framework if the data is anonymised and aggregated in line with GDPR. In addition, financial services providers and intermediaries should be prohibited from any further processing of user data outside of clearly defined purposes that have a value to the user.

This consultation response includes suggestions for the European Data Protection Board (EDPB), who may wish to clarify how the principles of necessity, purpose limitation and data minimisation in its draft “Guidelines on Data Protection by Design and by Default” would apply to financial services in light of the introduction of Open Finance. It also calls for mandating the European Supervisory Authorities (ESAs) to provide standardised workflow templates for financial services providers to guide the scope and manner of personal data collection.

According to Finance Watch, an Open Finance framework must be accompanied by clear rules that spell out which specific data can be used for different use cases in the provision of various financial services. It should be accompanied by a mandatory requirement for the provision of basic services (akin to the basic bank account concept under the Payment Accounts Directive) to overcome any risks of financial exclusion.