All the speakers at our Open Banking conference in London in February emphasised how trust around data has to be built with consumers for Open Banking to fulfil its promise.
Richard Syers of the Information Commissioner’s Office said that, with the upcoming GDPR, companies should understand that it represents an evolution of data protection law, rather than a complete change, and sensible data practices will continue to stand organisations in good stead.
When it comes to Open Banking and the new landscape around the release of banking data, Syers said there are also lots of fundamentals that continue to apply.
Firstly, personal data must continue to be processed in a manner that ensures appropriate security of the personal data. Organisations should therefore continue to use appropriate technical or organisational measures (embedding principles of integrity and confidentiality) to prevent unauthorised or unlawful processing and against accidental loss, destruction, or damage to personal data.
Also, ensuring that individuals are in control of who gets to access their data and for what purpose is key to the success of Open Banking. Organisations need to be open and transparent about how they will use an individual’s financial data, and respect the choices that individuals make. Failing to do this will cause individuals to lose trust, both in the organisation processing the data and also the Open Banking initiative as a whole.
Given that’s how the data is being handled, the key challenge around Open Banking becomes ensuring consumer trust by doing things the right way – and communicating on the right terms.
Notices should follow some clear guiding principles, including:
- Be honest
- Use clear, straightforward language
- Write for the audience
- Align the notice with your house style
- Align every notice with your values and principles
- Use “layering” to provide relevant information
- Listen to feedback and amend accordingly
Be honest: In other words, don’t offer people choices that are counterintuitive or misleading. Think about what the overall objective is. Why are you doing what you are doing? What is the benefit to the customer? There is a balance to be struck between providing enough detail and not confusing them.
Use clear, straightforward language: It’s self-explanatory, but don’t use legalistic terms or think of a privacy notice as a legal document. Simply explain what you are doing with data and why. It is not always easy to explain complex processing, but focus on the objectives and the consequences for the data subject.
Write for your audience: We may all have a level of understanding of these things, but the customer probably doesn’t. Test any notice with some initial customers to see if they understand.
Keep to house style: Use your in-house copywriters or communications team to word things in a way that customers will understand.
Be clear about your principles and values: People will be more inclined to read a notice, understand it and trust your handling of information if it’s done right. If the notice is too long, complicated or legalistic, people may react negatively.
Listen to feedback: Remember, every notice is a live document. If there is something that customers are always surprised by or that keeps generating complaints, try presenting the information differently.
The conference also served to bring out how trust can be built in other contexts created by Open Banking – and especially in the act of engaging with consumers – if done right.
Emma Steeley, director of the consumer consent-focused fintech AccountScore, said the way that consumers have already trusted her company’s consents.online business with data in return for the promise of cheaper and better credit was in part testament to the company’s transparent approach to creating trust.
For Open Banking to really work, it needs to be presented on the right terms – and Steeley said that means ensuring that customers get something back in return for their data.
“In AccountScore’s case, there is a benefit in the offer of cheaper credit, and that kind of quid pro quo needs to be there every time – a better product, a faster or higher chance of approval, access to information that wasn’t available, or something similar," she offered. "The better the bargain or deal, more likely you'll win customer approval and trust.”
Steeley went further, though, and said it wasn’t necessarily the strength of the offer that mattered most to consumers, but how the offer is presented.
“We are living proof that the best way to educate customers about the benefits of Open Banking isn’t in a classroom or through e-learning, but through live, real-time transparency that presents information clearly to educate individuals in the moment, rather than relying on any small print. If the process is simple, clear and logical it will be understood, and what’s being asked for won’t seem sinister or scary but legitimate and useful and also quite restricted.”
Of course, Steeley’s message about the power of delivering a trusted tool that makes things transparent for consumers isn’t the only way to build trust. Alasdair MacFarlane of RBS said the long-term need for banks to deliver in the fight against fraud in a landscape with a greater attack surface for data criminals was crucial to securing trust.
Data breaches that can be pinned on the vulnerabilities created by this new context will undermine consumer trust and confidence. It is important for providers to engage in industry consultations on financial crime and fraud prevention to help tackle the issues and to help find a workable solution that benefits and protects customers. It could be a long road back if we see a few high-profile failures, so innovation and trust really do go hand in hand as Open Banking starts to gather momentum.
This publication is intended for general guidance and represents our understanding of the relevant law and practice as at May 2018. Specific advice should be sought for specific cases. For more information see our terms & conditions.