Marie Walker, Raidiam’s Open Futurist, looks at how the FIDA framework proposal will impact data sharing in Europe.
The other day I was chatting with some fellow conference speakers (we’re all presenting at the CREOBIS conference FIDA – Unlocking the Power of Data: Exploring the EU Financial Data Access Framework). During our planning call it struck me more than ever that rules setting out how you can share data are certainly necessary, but they aren’t enough. Everyone involved in the ecosystem needs to be absolutely sure, at all times, that they only share data with organisations that are entitled to it.
European Open Banking has been sorely missing a real-time and consistent way of doing this. And, with FIDA seeking to improve on and go beyond PSD2 and PSR, this is the key enabler to move from compliance obligation to innovation opportunity. So, what exactly do the FIDA rules relating to this say?
Thankfully – saving me from wading through lots of legal terms – Bird & Bird’s Scott McInnes has compared the differences and similarities between FIDA, PSD2 and PSR. Let’s look at some key aspects of the proposed FIDA rules.
The Financial Data Access (FIDA) framework
Notably, FIDA introduces the concept of financial data sharing schemes. Data holders and users can participate in multiple schemes, while the European Banking Authority (EBA) will maintain a register of the schemes. Compensation claims by data holders to data users are allowed under certain conditions, such as failure to comply with the rules of a financial data sharing scheme. And unlike PSD2 and PSR, charging fees is allowed.
FIDA also emphasises the need for common standards for data, and technical interfaces within financial data sharing schemes which will allow customers to request data sharing. Unlike PSD2 and PSR, FIDA requires data users to demonstrate customer permission when accessing data. How the customer accesses their data and whether they can authorise a TPP to act on their behalf still needs some clarification…
More broadly, the European Data Strategy, which includes FIDA, aims to set new rules for accessing and using personal and non-personal data. It aims to position Europe as a leader in a data-driven society, asserting EU technological sovereignty, and ensuring the availability of high-quality data for innovation. The strategy also seeks to promote the free flow of data within the EU and across sectors.
So, what does all this tell us?
What the European Data Strategy means for data sharing
The critical point of the European Data Strategy seems to be that data providers and data receivers will need to become members of one or more data sharing schemes. Each scheme – a Trust Framework by any other name – will set the rules, roles, permissions and responsibilities governing all participants.
So far so good, and certainly in line with the need to establish a common approach and clear behaviours. But as I mentioned earlier, establishing the rules for the ecosystem is only useful to a point. How will this be implemented in practice? How do you create certainty of trust, ease of appropriate secure data sharing, and scalability?
The most successful Open X schemes globally – the UK, Brazil and Australia – have established beyond doubt that to implement a Trust Framework (the rules) you need Trust Framework technology. In simple terms you could imagine this as a member-only app store, created and controlled by a dynamic participant directory and PKI stack. Since our inception, Raidiam has led the way in this field; here are some of the lessons we’ve learnt…
Three lessons for financial data sharing schemes
Lesson 1 – Centralised Trust
Centralised trust (single sign on to a trust platform, for access to many) will remove the existing need in Europe for bilateral agreements between participants – a source of huge economic wastage, complexity and risk. Someone once told me each bilateral agreement costs £50,000-£100,000 to establish. I have no idea if that is true, but it sounds very plausible!
Scaling an ecosystem where every participant is required to contract to each other is hugely difficult and quickly reaches a point where it becomes impossible. It is also a nightmare to ensure consistency across all agreements. With the provision for compensation established in FIDA it is more important than ever that liability is uniformly handled.
Lesson 2 – API Access
Participants in a data sharing scheme need an easy way to find the APIs they need. If you can easily find the APIs you want and are provided with the means to connect to them, then it is much easier to create new products and services. This is a key feature of Brazil’s Open Banking which enabled them to move quickly and easily into Open Finance.
Lesson 3 – Conformance
It isn’t enough to establish common standards. If you don’t test everyone’s APIs to make sure the standards have been applied in exactly the same way then data sharing will not work. A conformance programme is a critical enabler of a healthy, productive scheme.
The future of data sharing in Europe
Looking ahead, multiple data sharing schemes – whether organised by sector, cross-sector or cross-border – also need to be able to interact with each other. This really starts to unlock significant value for the consumer (by which I mean citizen or business client). OpenID Federation is the standard that will make this possible. Federation certified trust technology is essential to manage the complexity of making this a reality.
Europe has an advantage (in the shape of common laws) but it desperately needs the means to unlock the opportunity technically, and not just for FIDA. European digital identity (eID), which is coming this year, will allow citizens to access services in any EU country. This scheme has similar requirements.
If we can get the framework right, I believe 2024 will be seen as a pivotal year for personal data mobility.
Marie will be speaking at CREOBIS’s FIDA – Unlocking the Power of Data: Exploring the EU Financial Data Access Framework conference on 19 November. Find out more about this event and how to register.
Interested in learning more about how we deliver trusted data sharing ecosystems in Europe and beyond? Get in touch today!
Marie Walker is Raidiam’s resident Open Futurist. She is a globally recognised fintech influencer, module author and tutor for Cambridge University’s Open Banking & Open Finance course, and curator of the Open Data daily news and insights round-up open-conversations.org.