Overview of Emerging Data Governance Structures Prepared for ABAC Patrick Walker 20 June 2018 CONFIDENTIAL AND PROPRIETARY Any use of this material without specific permission of PERC is strictly prohibited
Contents ▪ Context ▪ EU – ANA Credit – GDPR – PDS2 ▪ US – ODI – Data privacy/security (new framework) ▪ APEC – CBPRs ▪ Conclusion – Take-away for APEC Privileged & Confidential | 1
Drivers of Reform ▪ Technological innovations – Render obsolete existing regs ▪ 2008 Financial Crisis – PCRs exposed as inadequate ▪ 2013 NSA/Wiki-leaks – Caused international furor ▪ 2017 Equifax data breach – Data security in regulators cross-hairs ▪ 2018 Facebook – Elevated data privacy as policy issue Privileged & Confidential | 2
Move to Open Data Access BUT Emphasize Privacy & Security ▪ Not new – Started with government data – Slowly spreading into private sector ▪ Perception of less competition – Many industries are oligopoly or monopoly ▪ Pressure from new entrants – FinTech are effectively securing open access – NGOs, multilaterals about to enter fray Market failures abound in data. Expect more government support for open access. Privileged & Confidential | 3
Contents ▪ Context ▪ EU – ANA Credit – GDPR – PSD2 ▪ US – ODI – Data privacy/security (new framework) ▪ APEC – CBPRs ▪ Conclusion – Take-away for APEC Privileged & Confidential | 4
ANA Credit ▪ ECB’s shared multi-purpose database – Detailed info on bank loans across EU – Harmonized across member states ▪ Integrated/streamlined bank reporting framework – Aims to improve data quality and reduce reporting burden – For monetary policy analysis and operations, financial stability surveillance, risk management. ▪ Commercial credit data only. – Much more granular view (loans 25k Euros and up) – Begins Sept 2018 in full force 2020. Seeks to enhance NCBs risk data aggregation capabilities and risk reporting practices. Privileged & Confidential | 5
General Data Protection Regulation (GDPR) ▪ 1 set of data rules for EU – Extra-territorial owing to adequacy requirement – Creates foundation for single digital market – Create an even playing field for controllers ▫ One stop shop ▫ Same rules in every country ▫ Data Protection Board that would force harmony ▪ Implementation fraught with problems – Agencies lack authorizing laws, funding, capacity, skills – Companies do not have policies to comply, skills – Individuals do not understand new rights – Effective May 25 th after two years of preparations Data protection is broader than privacy— right for data to yield long and healthier life Privileged & Confidential | 6
Payment Services Directive 2 (PSD2) ▪ Single market for payments – Took effect 1/13/2016, applicable 1/13/2018. ▪ 3 Key Change from PSD1 – Extend the Directive’s scope – Strengthen security and customer authentication requirements – Introduce TPPs (3 rd party providers), license and supervise them. ▪ It’s about competition – Designed to crush bank monopoly on data – Driven by FinTech and fueled by general antipathy toward banks Open Banking Initiative expands logic of PSD2 to broader set of data and players. Privileged & Confidential | 7
Contents ▪ Context ▪ EU – ANA Credit – GDPR – PDS2 ▪ US – ODI ▪ APEC – CBPRs ▪ Conclusion – Take-away for APEC Privileged & Confidential | 8
US Open Data Initiative (ODI) ▪ Driven by tech change – Screen scrapers and other FinTech accessing data. – Banks complain of “wild, wild, West” ▪ CFPB Issues Principles (Oct 2017) – Consumer-authorized data sharing market – Based on OECD Fair Information Principles ▪ It’s about competition – Recognizes data subject as owners of data – Banks remain gate-keepers for API access ▫ Chase/Intuit ▫ Wells/Finicity and Xero Banks opening up access but picking winners—compromise solution. Privileged & Confidential | 9
Contents ▪ Context ▪ EU – ANA Credit – GDPR – PDS2 ▪ US – ODI ▪ APEC – CBPRs ▪ Conclusion – Take-away for APEC Privileged & Confidential | 10
Cross-border Privacy Rules (CBPRs) ▪ Designed to remove barriers and enable commerce – Single framework for exchange of personal information – Currently 5 member economies participating (Canada, Japan, Republic of Korea, Mexico, United States) ▪ APEC Electronic Commerce Steering Group expanding application of CBPRs – EU Binding Corporate Rules/CBPRs common referential established – CPBR being considered as certification under EU GDPR Barriers to data flows being removed within and among advanced economies. Privileged & Confidential | 11
Contents ▪ Context ▪ EU – ANA Credit – GDPR – PDS2 ▪ US – ODI ▪ APEC – CBPRs ▪ Conclusion – Take-away for APEC Privileged & Confidential | 12
Thriving In Dynamic Data Ecosystem ▪ Data as an opportunity – Just scratching surface, barriers only now coming down. – Data in and data out ▪ Change is happening – It is fast and furious – Emanates from unrelated quarters – Increased government efforts to open access ▪ It’s evolution – Adapt or die – Data tools there to help survive and prosper Must prioritize data strategy—using internal and external resources Privileged & Confidential | 13
POLICY & ECONOMIC RESEARCH COUNCIL 6409 Fayetteville Road, Suite 120-240 Durham, NC 27713 USA www.perc.net Phone: +1.919.338.2798
Recommend
More recommend