Mahi Sall, Advisor, Fintech-Bank Partnerships, Payments and Financial Inclusivity
January 25th, 2023
Mahi Sall is the CEO & Founder of FinXpair, a Berlin-based strategic advisory boutique firm focu[...]
Privacy Implications of an Open Banking System in Canada
McMillan | Darcy Ammerman, Mitch Koczerginski, Robbie Grant, Anthony Pallotta | Oct 12, 2021
Privacy and Open Banking
Since open banking is predicated on the free flow of information, privacy is key to an open banking system. In its February 2019 Review into the Merits of Open Banking, the Committee said “[t]he trust needed to allow the digital economy to flourish, and the social license that organizations will need from Canadians to innovate with their personal data, hinges on having an appropriate legal framework in place that puts at the forefront key privacy issues.” In its January 2020 review of stakeholder submissions, the Committee observed that all stakeholders considered privacy to be a significant risk of open banking. In its own submission to the Committee, the Office of the Privacy Commissioner of Canada (“OPC”) called for several privacy reforms to support an open banking system.
Many of those reforms are already making progress. Before the election was called, the government had introduced a substantive overhaul to Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”), in the form of Bill C-11, which would have enacted the Consumer Privacy Protection Act (“CPPA”) (we summarized the proposed changes in a previous bulletin). Bill C-11 died on the order paper when the election was called, but since the liberal government has now returned to office, a new privacy law bill is expected to be forthcoming. There is added international pressure for privacy reforms too, as the EU reviews Canada’s adequacy status under the General Data Protection Regulation (“GDPR”). Maintaining such status is crucial as it permits data processed in accordance with the GDPR to be subsequently transferred from the EU to Canada without requiring additional data protection safeguards or authorization to transfer the data.
See: Canada’s Library of Parliament Report: A Comparison of Open Banking Recommendations
Meanwhile in Quebec, An Act to modernize legislative provisions as regards the protection of personal information (“Bill 64”) received Royal Assent on September 22, 2021. This Bill amends Quebec’s Act respecting the protection of personal information in the private sector (“Quebec’s Private Sector Act”) to include a data portability right, increased fines for non-compliance, and enhanced requirements for breach notification, consent, and data protection, among other changes.
Data Portability
In its June 2019 report on open banking, the Standing Senate Committee on Banking, Trade and Commerce recommended modernizing PIPEDA to align it with global privacy standards. It wrote that these changes “must include a consumer data portability right.”
In the context of open banking, data portability means a consumer’s right to direct that their personal financial information be shared with another organization. While this sounds simple in theory, it presents challenges for the organization sharing the data (typically the financial institution). First, personal information owned by the consumer is often grouped together with information owned by the sharing organization. For example, financial institutions may create “derived data” by processing consumer information together with proprietary algorithms and analysis. The Final Report takes the position that the financial institution should generally be able to exclude derived data from an open banking system. However, if such data is normally available to the consumer, the financial institution should have an obligation to justify an exclusion.
See:
Betakit podcast with Senator Deacon on Open Banking and Competition
Reflections on Canada’s open banking report
The second and related challenge is that sharing organizations may store and process data in a variety of formats, but for data portability to be meaningful, the personal information must be shared in a usable technological form. The difference between a string of loose data, and a properly organized spreadsheet is significant to the utility of such information for a third party app developer. Financial institutions can look to Quebec’s Bill 64 as an example of how the concept of data portability could play out in practice. When it comes into force, Bill 64 will amend Quebec’s Private Sector Act to provide consumers with a right to request their computerized personal information in a “structured, commonly used technological format” unless doing so raises serious practical difficulties.
The introduction of a data portability right may require financial institutions to overhaul their data processing systems to ensure consumer data can be shared in a commonly used form, while separating out data that is unnecessary or proprietary to the financial institution. Depending on the sharing organization’s data processing systems, data portability may require significant lead time to implement. The challenges outlined above are likely why the technological format amendment to Quebec’s Private Sector Act does not come into force until September 22, 2024 (a full year after the majority of the amendments).
Continue to the full article --> here
The National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org
 |  |  |
Support NCFA by Following us on Twitter!Follow @NCFACanada  |
Related Posts
Herding investors - Why Artificial Intelligence Will Solve All Our Money Problems
- Australian Securities and Investment Commission Partners with Canadian Securities Regulators on Fintech
- OPEN LETTER: Lifting the Veil on Peer-to-Peer Lending in Canada
- Fintech: UK Financial Conduct Authority Initiates Consultation on Global Financial Innovation, Partners with 12 International Regulators
- The outlook for debt and equity crowdfunding in 2014
Leave a Reply