.svg)
A new survey by the interbank payments company, The Clearing House (TCH), shows U.S. consumers know little about fintechs’ data collection and sharing practices.
The 2021 Consumer Survey: Data Privacy and Financial App Usage shows that consumers want more information and control over their personal financial data, but most of them do not know how fintechs collect, manage, and share their data.
“More consumers are using financial apps, but they’re still in the dark about how their data is used, accessed, and stored,” said Ben Isaacson, senior vice president of product strategy at TCH.
In part fuelled by the coronavirus pandemic, usage of fintech has reached mass adoption in the U.S. According to a report from Plaid, by October this year, 88 percent of U.S. consumers used fintech to manage their finances, surpassing the number of those having video streaming subscriptions (78 percent) or using social media (72 percent). However, it is unclear how Plaid defines the term “fintech” for the purpose of its report.
According to the TCH survey, one in three said they had increased their fintech app usage since the start of the pandemic. The survey also found consumers largely remain uninformed of how these apps manage their data.
For example, four in five consumers (80 percent) said they were unaware that fintech apps use third-party providers to gather users’ financial data, and more than three-quarters (76 percent) said they did not know that fintechs could sell their personal data to other parties for marketing, research, and other purposes.
In addition, 78 percent of users said they were unaware that fintech apps can access personal data even when the app is closed or deleted, while 77 percent did not know that these apps can retain access to information even after the app is deleted.
More than half of the respondents said they would like to see more disclosure from fintechs in relation to their data collection and management practices and have a greater ability to set permissions within the apps.
Although many consumers are poorly informed of the data collection practices, the survey also notes that more than three-quarters of respondents admitted to not reading the terms and conditions, and the majority of those who read them said they did not understand them.
Fintechs and data protection
In Europe, the widespread adoption of fintech apps has been largely supported by regulatory actions, such as the revised Payment Services Directive (PSD2); however, the U.S. is currently taking a market-driven approach without a guiding government policy to support the development of open banking products and services.
Although Section 1033 of the Dodd-Frank Wall Street Reform and Consumer Protection Act 2010 establishes that consumers have the right to access their financial information, specific rules around how the data sharing should take place have not yet been released.
The Dodd-Frank Act tasked the Consumer Financial Protection Bureau (CFPB) with issuing these implementing rules, but the agency has so far published only an advance notice of proposed rulemaking and requested information from bigtechs that operate payment services to better understand their data collection practices.
Meanwhile, U.S. fintechs and banks have started to team up and strike bilateral agreements to be able to provide better financial services for consumers. For instance, FDX, one of these initiatives, counts 197 banks, fintechs and consumer groups among its members, and has developed a financial data-sharing API standard that has 22m consumer accounts in the U.S. and Canada. By comparison, the Open Banking Implementation Entity (OBIE) in the UK has recently reported that more than 3m consumers are using its open banking API.
However, the more market participants have access to consumers’ financial data, the more the risk is to compromise the security and privacy of that data.
Although the EU and UK addressed many of these concerns by adopting the General Data Protection Regulation (GDPR), together with establishing rules of open banking through PSD2, U.S. regulations do not currently address data protection and rules around sharing data.
