O
pen banking can be defined as a fintech field born out of the need for an innovative digital experience for users, where financial data collected for banking transactions is shared by banks with third-party programs. Among the goals of open banking are the ability to view our personal data collected for banking transactions in third-party applications, perform all our banking transactions through a single application, or integrate our banking transactions with other payment methods used in the fintech field.
The foundation of the open banking system, which aims to use the personal data collected from us for our benefit, is provided by interfaces called APIs (Application Programming Interfaces) that serve as functional connections between software and applications. While open APIs open a new page for the user experience by establishing a network between banks, fintech applications, and even all other software and applications in terms of sharing financial data, they also raise new question marks about data sharing. However, before we address these concerns, let’s take a look at the development of open banking in the world and in Turkey.
Open Banking Worldwide
The United Kingdom is considered the pioneer of the open banking concept worldwide. The first seeds within the European Union were sown with the enactment of the Payment Services Directive (PSD) in 2007. With updates made in 2009, this regulation was renamed PSD1, and it added a new player to payment systems operated specifically by banks under the name of Payment Service Provider. It is important to note that this regulation was a significant development for startups advancing in the fintech field as it allowed for a multi-player environment targeted for open banking.
PSD2, enacted in 2016 as a more advanced version of PSD1, introduces two new concepts to the open banking system: account information service providers and payment initiation service providers. However, the most important innovation brought by PSD2 is the regulation that allows banks to open their payment services to third-party service providers via APIs.
Today, in the world, banks in European Union countries, Japan, and Mexico are obliged to join the open banking system. China, Hong Kong, Argentina, and Singapore, on the other hand, are countries that promote open banking.
Open Banking in Turkey
In Turkey, with the amendment made in 2019 in the Law on Payment and Securities Settlement Systems, Payment Services and Electronic Money Institutions, payment institutions were included in the system, thus paving the way for open banking regulations.
The Regulation on Banks’ Information Systems and Electronic Banking Services, published on March 15, 2020, details open banking applications. Most of this detailing pertains to data security. It is important to note that the Regulatory Technical Standards adopted by the European Parliament in 2019 also require meticulous work to reduce the data security risks introduced by open banking.
While open banking offers convenience for users, it also poses some risks in terms of sharing and protecting personal data. The sharing of our personal data collected during banking transactions with third-party applications, other payment institutions, or other banks will, of course, depend on our explicit consent.
Do We Want Our Personal Data to Be Shared for Open Banking Applications?
In addition to the sensitivity that has arisen in society regarding the transfer and security of personal data, our collected personal data can be transformed into applications that benefit us. However, the security vulnerabilities that may arise when we give our explicit consent to the transfer of our personal data to third-party applications or other banks are also a risky aspect of the open banking system.
According to a report prepared by Fintech Istanbul in 2019, consumer trust in open banking applications is high in the Netherlands, Germany, and Canada. With the impact of the pandemic since 2019 and the increased digitization, it is also necessary to measure the effect of the increasing cybersecurity risk on consumer trust. However, it is also important to note that one of the expected benefits of open banking is the transformation of our personal data into applications and solutions with the help of APIs.
Open Banking and Unconditional Consent
Open banking allows the transfer of our personal data to third-party applications through APIs, as mentioned earlier. For this transfer, it is necessary to have the explicit consent of the relevant individuals. In order for the explicit consent obtained from the relevant individuals to be valid, it must be related to a specific subject, based on informed consent, and given with free will. The decision of the Personal Data Protection Board that explicit consent cannot be subject to the terms of service will likely lead to a new debate on this issue.
In conclusion, we see that personal data collection can be used not only as a threat to the privacy of private life but also for functional applications that can benefit individuals. With the development of technology and the formation of new business models, decisions regarding the processing of personal data should also be evaluated in this direction.
