Next week, all eyes are likely to be on the Chancellor making his Budget speech. But in ‘The Other Place’, the House of Lords is conducting a less prominent but equally important debate: amendments to the Data Protection Bill. At the True Potential Centre for the Public Understanding of Finance (True Potential PUFin), we are especially concerned about clause 173 of the bill, since this will determine what you can do if your personal data is hacked, lost or misused. A new briefing from True Potential PUFin backs an amendment to clause 173 aimed at giving consumers the effective remedies they need by allowing selected organisations to fight for compensation on their behalf.
This amendment is especially important because of new options you will have from January to share your banking data more widely through what is being called ‘Open Banking’.
Open Banking is a new way of sharing your bank account data, including detailed transaction information, with third parties, like price comparison websites and account aggregators (that let you see information about all your accounts in one place). You can already do this using MiData (where you download a file of data to your own computer and then upload it to the third party) and ‘screen-scraping’, where you share your banking passwords with the third party. Open Banking is more secure because it directly links the bank’s and third party’s computers without you giving up any security information.
It’s expected that Open Banking will unleash all sorts of new digital services aimed at helping you budget, keep debts under control, save regularly, shop around and switch products automatically, provide evidence of credit-worthiness, manage your lifestyle…the possibilities are endless. And, if these digital services automate the drudge of shopping around, they may also increase competition in financial services and other markets which could reduce prices and improve quality. But all these benefits can only be realised if you can be confident that there are effective ways to put matters right if something goes wrong.
Many of the third-party firms involved in Open Banking will be regulated by the financial regulator and if your data is hacked or misused, you should then be able to take a complaint to the Financial Ombudsman Scheme. However, the reality of modern-day industry is that different functions are outsourced to different firms and the value of data is maximised when it is combined with other data from elsewhere to form Big Data sets. Therefore, you will often find the whacky new digital service you sign up for means giving access to your data to a complicated network of firms ‘under the hood’, some of which will come under the financial regulator and some of which will not. Where they don’t, your only path if something goes wrong will be to take the firm that has lost or abused your data to court – a daunting, time-consuming and potentially costly prospect that deters many consumers. And that’s assuming you can even identify which firm in a complicated network is at fault.
Lord Stevenson of Balmacara and Lord Kennedy of Southwark are tabling an important amendment to clause 173 of the Data Protection Act that, if accepted, will allow organisations like Which? to bring court action on behalf of all consumers (with the right for individuals to opt out if they want to) – a system called collective redress. The True Potential PUFin briefing urges members of the Lords to back this amendment. As a reminder of just how extensive data breaches can be, the recent Equifax hack has exposed the data of 143 million US citizens and 694,000 in the UK, an attack on Wonga compromised 245,000 customers’ data, and around 200,000 customers of Three may be affected by a hack using an employee login. So, not only would collective redress be good for consumers, it offers society a more economic way to manage the multiple claims for redress that today’s data-driven world will make ever more commonplace.
Read the letter to The Secretary of State, signed by True Potential PUFin academic Jonquil Lowe, on the upcoming Data Protection Bill.