Consumers are better informed about account information services. The MOB published (finally) 'good practices' for better information. Privacy First is pleased with the published good practices and calls on MOB members to really work towards better information.
Account information services' are services with which 'a consolidated view can be made out of someone's payment details. This is possible since the PSD2 (Payment Services Directive), which allows you to share your payment details with parties other than your own bank. An example of this is a digital household booklet, but other forms are also possible.
Better information badly needed
If you give your permission to a provider, he gets access to to all transaction data that a consumer has in his own banking environment also see. If you can look back up to ten years at your own bank, then the account information service that too. You share a complete profile with it data.
Sharing data is not without risk. The profit for much This is because account information service providers are not included in the digital housekeeping booklet, but in additional services that can be provided. Think to analyses of fixed costs, risk analyses when applying for a mortgage or assessing creditworthiness.
Because it involves a lot of confidential data consumers understand what they are consenting to. The information that getting consumers now is too much and too unclear. Legally required information is too long, difficult to read and hidden in long privacy statements.
MOB publishes good practices account information services
The call for better information has been ringing for some time. From the end In 2017, Privacy First was involved in an initiative of the Volksbank to better inform consumers about account information services. The initiative was taken over by the Betaalvereniging and from May 2019 by the MOB (Social Consultation on Payment Transactions).
The MOB agreed last May with good practices. These are seven standardized questions for account information service providers to answer before a consumer gives consent. The questions contain the most important (legal) information and they answer the most important questions of consumers. In addition, the MOB has drawn up an elaboration with explanatory notes. The questions are
- Who requests access to my account information? How is the service regulated?
- Which service does
offer what my data is needed for?
- What data from my account will
- What else does
use the data for?
- What data goes to third parties and what for?
- How can I reverse my previously given consent?
- Where can you find further information?
Be careful that it does not remain noncommittal
The good practices of the MOB are a very good step. Now it comes down to applying and utilising these good practices. Unfortunately, the use of the good practices is without obligation. "The MOB cannot oblige providers of account information services to comply with the good practices. The MOB members have, however, agreed to bring the best practice to the attention of their supporters". In view of the MOB's field of forces, which includes both providers and users, this is understandable. But we have to be careful that the good practices do not become too non-committal. The interests of providers and consumers go hand in hand.
At the end of 2021, the MOB will take stock of whether providers apply the good practices, and reports on this in the May meeting of 2022.
Privacy First doesn't want to wait
Privacy First calls on MOB members to put good practices into practice. Protecting citizens by giving them better information and choices as consumers is in everyone's interest.
Privacy First is positive about the result of the MOB. The seven questions and the standardized answers can be quite an improvement on the current situation. At the same time, we believe that the bar may be raised. How could the MOB better highlight the good practices?
- The MOB can call on its members and relevant third parties to start using the good practices, rather than just offering the possibility.
- MOB members may each speak out in favour of using the good practices and make their use as a condition for cooperation
- The MOB can make clear who the relevant MOB parties are who can play a role in disseminating the good practices.
- The MOB can be more explicit about the moment at which a consumer is informed via the good practices. Privacy belongs in the customer journeythese good practices shouldn't be hidden away.
- Instead of assessing once whether good practices are being used, the MOB can do this more often, for example every quarter.
- The MOB can already send a note to providers in Europe, so that they know what Dutch consumers think if they make plans to offer services in the Netherlands.
Privacy First believes that the MOB is on during rollout and application. But it is also investigating whether it itself can play a role in allowing providers to make use of the good practices.
- Link to the message from the MOB (see last paragraph for the account information services document)
- Link to the document Good practice transparency of account information services in the Netherlands (DOCX, 75.6 kB)
- Link to the Explanation of good practice account information services in the Netherlands (DOCX, 70.6 kB)