Consumers and Data Ownership – Who’s in Charge?

 In Privacy & Regulations, Security

Whether or not you realize it, for a long time a lot of people have had access to information about your buying patterns and behaviors. In fact, it’s quite common practice for third-party sources to find your data from banks, credit cards, credit bureaus, etc. and then sell it to bigger companies, along with the data of millions of other consumers. This collective data opens the door for basically everyone in the supply chain to make money – except you as the consumer. Does that seem unfair? We think so too. 

Many others have also balked at the idea of parties being able to secretly access and use data that belongs to other people for their own benefit – so much so that legislation in recent years has passed to make it illegal. Regulators in both the U.S. and EU support the idea that it’s actually the consumer who should be able to decide who accesses their personal data, how, and when, and that ultimately the consumer should benefit from the sharing of this data. 

Because so many people have felt used and abused by the powers unknowingly using their data, they’ve understandably lost their trust in them. Now the industry is in the process of rebuilding trust between consumers and platforms, seeking to renew their confidence in the apps and websites they use. 

There are two general rules to follow in rebuilding that trust:

  1. Data recipients must collect consumer’s consent before they access and share their data. Each recipient must clearly convey what data will be accessed and why before a consumer agrees to share it.
  2. Data recipients should not store data whenever possible. 

In the past, most companies would keep and duplicate personal consumer data, which ultimately led to an increased risk for exploitation and compromise. Storing data increases consumer skepticism while decreasing trust and should therefore be avoided. 

Since 2014, the Digital Commerce Alliance (DCA) has been working to advance data-driven commerce by enabling innovative and measurable consumer experiences through standards, collaboration, and technologies. These technologies involve card-linking, financial data and mobile wallets, and best-practice data management. As part of the DCA, Pentadata benefits greatly from their industry advocacy. In the DCA there are diverse perspectives across multiple disciplines, all working toward fair business environments. 

In 2018, the DCA developed its Consumer Data Transparency Rights which reflect best practices and standards for the safe yet effective use of consumer financial data. Adhering to the standards set forth in the Consumer Data Transparency Rights, Pentadata follows an honest approach to securing data that developers need to build reward, cash-back, and card-linking programs. Here are some of the standards we follow:

  1. We require consumer permission.
  2. We use multiple sources of data, including financial institutions, aggregators, and merchants.
  3. We always offer meaningful data analysis for businesses. 
  4. We never store consumer data. 

Even though some of these ideas are relatively new to some, Pentadata has been compliant to them for a long time. If you want to read more about the standards, start with the California Consumer Privacy Act and the U.S. Consumer Financial Protection Bureau. You can also look into the SOC 2 Type 2 compliance certification process, which holds your company to very high standards. 

Ultimately the principles we follow at Pentadata are straightforward but go a long way in rebuilding trust between consumers and companies. We’re not the only ones who feel this way – more and more businesses are also choosing to move in this direction as legislation and social pressures change. We believe that following these principles is good not only for consumers and businesses, but also the entire fintech ecosystem.

Recent Posts