- Biological Inventions
- Brand Valuation
- Competition Law
- Constitutional Law
- Consumer Law
- Copyright Infringement
- Copyright Litigation
- Corporate Law
- Digital Right Management
- Educational Conferences/ Seminar
- Fashion Law
- Hi Tech Patent Commercialisation
- Hi Tech Patent Litigation
- Intellectual Property
- Intellectual Property Protection
- IP Commercialization
- IP Licensing
- IP Litigation
- IP Practice in India
- IPAB Decisions
- Legal Issues
- Media & Entertainment Law
- News & Updates
- Patent Act
- Patent Commercialisation
- Patent Filing
- patent infringement
- Patent Licensing
- Patent Litigation
- Patent Marketing
- Patent Opposition
- Patent Rule Amendment
- Pharma- biotech- Patent Commercialisation
- Pharma/Biotech Patent Litigations
- Section 3(D)
- Social Media
- Sports Law
- Telecom Law
- Trademark Litigation
With the arrival of the digital revolution, sharing of data has become easier as well as necessary. This requires the data generated to be apportioned to all who might need it for various purposes. This is where fintech (an amalgamation of the terms finance and technology) firms come in. The data generated by Financial Institutions including banks are shared with fintech firms through the means of application programming interface (APIs), which acts as the bridge between the two entities. Thus, APIs facilitate data sharing in the banking sector, which brings about the concept of open banking.
This has led to FIs offering consumer-centric and personalized services.
Open Banking can be defined as a mechanism where data is shared freely with the consent of the consumer, in order to generate the required analytics and provide financial and other services. Since consent is an essential ingredient of the concept of open banking, it is popularly regarded that open banking promotes the customers’ control over the data they generate.
Since the awareness regarding the sanctity of one’s data is gaining salience, this, so to say, ‘advantage’ of open banking is what makes it prominent among both banks and consumers alike. The essential principle of user consent is embodied in the Information Technology Act, 2000 as well as the forthcoming Personal Data Protection Bill, 2019.
THE INDIAN MODEL
In 2016, Account Aggregators (or ‘AAs’) have been developed by the Reserve Bank of India through a Master Direction to facilitate the open banking regime. Ordinarily, the data was shared between the providers and the users of information (for the sake of simplicity, otherwise known as FIPs and FIUs, respectively) directly, which rendered the process opaque and deprived customer control. Being impartial third-party operators, AAs are based on a strict consensual model, operating on authorization agreements between the customer, the bank, and themselves. They are merely channels through which data will pass based on consent and are not allowed to access, store, or utilize the data handled by them. The directions also provide for an IT framework including the consent architecture and operational mechanism for the AAs.
Think of the AAs as a broker for customers’ financial information. Once the customer grants consent that their specific data may be shared with particular FIs seeking it (FIUs) for the mentioned purpose for a certain period, the AAs procure the same from the FI holding the data (by virtue of them serving the customer, the FIPs) and deliver it to the FIUs. On the basis of the data so received the latter may offer new financial services to the consumer. Meanwhile, the AAs are regulated by the RBI and its directions. The customers also have the option of revoking their consent in respect of the time period, the FIU, and the particular data shared.
The Master Direction also specifies that an AA may be registered as an NBFC, granting the RBI the power to govern them, and also be registered with a bank. Further, a company performing the function of an AA may not carry any other business. As of yet, seven AAs have been granted approval to operate as AAs, three of which have only an in-principle approval. The framework went live recently, on September 2, 2021, with prominent banks joining in.
For addressing concerns relating to the functioning of the three different kinds of entities and difficulties that may arise in coordination, the DigiSahamati Foundation was established as a member collective. The organization works towards ensuring that the members adhere to the technical standards as well as to manage the competing interests.
On the other hand, the US open banking framework is industry-driven, for the lack of any government regulation as of yet. Even the US is envisaging a possible regulatory mechanism. However, what makes the Indian approach different is that the intermediary, or the AA, is directly regulated under the Directions of the RBI. The model is very similar to that in the UK where the regime of open banking is government-regulated through the Open Banking Standard, as a part of the Open Banking Implementation Entity, wherein a data sharing or API framework is prescribed and enforced by independent parties, to tackle the competitive concerns.
CONCERNS IN OPEN BANKING
Even though data sharing is the widely accepted way forward, expected to overhaul the financial and other related sectors, the concept is only in its nascent stage, having been operationalized by the European Union in 2018. Issues of security and privacy are rife in the emerging field of open banking. The concerns have been predicted and provided for, to some extent, in the RBI Directives through the measures for Data Security, granting customer rights including a record of consent and disability of the AA to use the data for any purpose other than that authorized by them, as well as the requirement of a grievance redressal mechanism for the customers.
However, considering that AAs would also be large companies, working closely with FIPs and FIUs, the possibility of abuse of market power, as well as imbalance of power with respect to the data principal or the user, cannot be completely disregarded. There is also the issue of low digital literacy and lack of access to smartphones, especially among the poor. As is the case with every digitization move, AAs also fall under the bridging or deepening the ‘digital divide’ debate. Further, click consent, though a quick and easy way to achieve the mandate of open banking, may leave customers vulnerable to misuse of data as they may not understand where or how their information is being used.
While it may be possible to predict some issues that may arise, the recent rollout will be indispensable in teaching lessons to better the existing system. As an initiative, it was a much-needed one, with India being one of the forerunner participants in the movement. Nevertheless, open banking is a fairly new operation, whose real-life implications are yet to be seen.
Author: Pranika Goel – a student of National Law University (Delhi), in case of any queries please contact/write back to us at Khurana & Khurana, Advocates and IP Attorneys.