Banks, fintechs must reframe data privacy debate
Financial services innovators are at risk of losing access to data that’s critical to their businesses if Congress passes a proposed data privacy bill or one of several like it.
Lawmakers are increasingly concerned that Americans continue to sacrifice privacy in exchange for products they can’t live without, especially as the coronavirus pandemic forces more commerce online. Unless consumers are somehow able to use cash only, no longer engaging in modern life by using a cellphone or the internet, they must share their data, putting their privacy at risk.
Such a trade-off, however, is a forced choice born of a misunderstanding of what privacy really means. The financial services industry must take a different approach to defining the problem and crafting solutions.
Privacy advocates are often more concerned about the sheer volume of consumer data being shared between institutions and third parties than what is done with that information. But focusing on the amount of data being held leads to a dead end, as most technology needs vast amounts of data to function. And particularly during the coronavirus pandemic, it has become nearly impossible to function personally or professionally without technology.
This view of quantity-as-privacy-violation is counterproductive on two counts. First, it leads consumers to adopt a hopelessly resigned view of privacy, and second, it can lead companies and policymakers to propose inadequate or even harmful solutions.
Data used well has tremendous power to improve lives, and the financial services industry has powerful stories to tell about its positive use.
During the current crisis, data technology has helped small banks issue hundreds of millions in loans through Congress’s coronavirus relief efforts. Two years ago, lack of access to critical data nearly destroyed a startup that helps those in poverty manage food stamp benefits.
At the same time, privacy is essential to life in a free country. Its loss cannot be dismissed.
A 21st-century definition of “privacy violation” should focus on situations in which a company takes or shares data from people without their knowledge or permission, handles data irresponsibly and enables access by bad actors, or uses data in a manipulative manner.
Critically, companies should be free to use data to provide valuable products and tools, but they should be prohibited from mishandling, underhandedly exploiting or inadequately safeguarding that data.
While it is tempting to suggest legislation requiring such safeguards, there is reason to be cautious. It is imperative that businesses not face a state-by-state patchwork of regulation.
Every business, from startups to multinationals, needs to ensure compliance with every statute on day one of operation — a feat often easier for the largest and most well-capitalized corporations.
Accepting federal preemption in this matter, however, means states can’t be used as the testing ground to help guide the way. And any proposed policy must also acknowledge that individuals have vastly different priorities and tolerances.
Yet frustration with tech’s historically casual approach to privacy is high, both among voters broadly and policymakers in particular.
Bills can come quickly — especially amid an election year and crisis — and bits of rapidly drafted legislation can squeeze into must-pass legislation.
It is up to financial services innovators to inform lawmakers and demonstrate that they are doing good, not harming consumers.
A consumer-first approach to product development is the best way to avoid a heavy regulatory backlash.
There is much industry can do. Customers must have choice, the choice must be informed and it cannot be merely theoretical. The existing “informed consent” model does not work.
Esoteric terms of service that obscure as much as they reveal offer no choice, and are rarely read. Instead, developers can provide clear, plain-language requests to obtain and use data to their users in real time.
Responsible actors should take this opportunity to explain to customers why the data requested is necessary and articulate clearly the benefits of sharing data with them. The same message should be provided clearly to lawmakers considering privacy legislation now.
Anything policymakers do not understand is a threat to every business that relies on data use. And because the legislating process is largely public, lawmakers often view silence as tacit acceptance of proposed legislation.
There is a narrow window now for innovators to define their stance on privacy to preserve their ability to access and use data responsibly. If stakeholders engage proactively with policymakers, there is still time to work together to craft flexible solutions that benefit consumers and businesses alike.
Katherine Flocken is a former Senate staffer and is now a senior policy adviser at Allon Advocacy LLC.
Tyler Griffin co-founded Prism Money, a consumer-focused bill payment tool, in 2012 and is now a managing partner at Financial Venture Studio, which invests in fintech startups.