We have learned a lot about how not to do consent from Hollywood and the fashion industry. Consent has to be explicit: a clear affirmative statement and action of intent that cannot be misinterpreted, clearly given, specific and informed.
In May 2018, individuals “are given legal rights over their own data”. As Open Banking rolls out across millions of current bank accounts, explicit consent needs to be fully integrated into the end-to-end process involving all parties.
Under the regulations, explicit consent must specify the particular types of data and the specific purpose of use. New transparency rules will require notification to all parties in that agreement. Evidential-like infrastructure needs to be put in place, with a simple withdrawal mechanism.
Let’s step through the process of Open Banking with explicit consent.
The account holder at Bank A would like 3rd party B to provide a service so:
- Account Holder notifies Bank A and 3rd party B
- Before acting on the instructions, Bank A asks 3rd party B for confirmation and ensures B’s APIs and security are up to standard
- Bank A notifies the Account Holder, including of any further requests from 3rd party B
This starts the consent process, as 3rd party B is now a trusted 3rd party of Bank A. The account holder can have many 3rd parties with each passing through the above end-to-end on-boarding process.
The account holder can now respond to the offer from Bank B. Here the ease of withdrawal comes into play.
Should the account holder of Bank A decline the 3rd party's offerings at any time, then:
- Account Holder informs 3rd party B to stop and can ask for the return of data
- Bank A is notified and awaits 3rd party B’s return of data
The above needs to be completely transparent to the Account Holder and the parties in the process. Explicit consent comes with responsibilities that all parties must adhere to. The end-to-end consent process must be robust and capable of being audited. In addition, silence is not consent, so all have to participate and there are penalties for misconduct.
UK banks have spent £3,500 million a year on misconduct in the form of fines and other charges. The largest contributor has been payment protection insurance (PPI), and this ends in 2019. The infrastructure established to support the billion-pound PPI claims business will need to be disbanded unless further opportunities occur. So banks have to make certain explicit consent is well managed.
On the positive side, the account holders, the banks and third parties know what has to be done. The responsibilities of each and every one can be measured. This will result in the banking industry further regaining trust, and being digitally relevant.
Technology advancements over the last few years have improved our knowledge, perception and understanding of diversity. The new documentary by Sir David Attenborough, Blue Planet II, shows proof of these advancements. We see spectacular scenes, breath-taking action and a host of fish behaviour for the first time. Similarly, the latest technological advances in real-time and personalised banking allow explicit consent at scale. That is, each client is the centre of attention and can see who is doing what and how their data is managed.
Open Banking’s raison d’être is consent par excellence.