Open finance: digital identities and data sharing consent

Adopting digital identities could provide a significant boost to not only the future of open finance, but also across the economy more broadly.

by Brian Costello, VP Data Strategy, Envestnet | Yodlee

One challenge that is evident following the introduction of Open Banking in the UK is consumer hesitancy to share financial data, which is required to access the Open Banking-powered products and services the consumer wants or needs. For the next step beyond Open Banking – open finance – to be a success the industry needs to overcome the data sharing trust challenge to unlock the benefits personalised open finance services can provide.

To show the scale of the challenge, an independent survey of UK adults, commissioned by Envestnet | Yodlee, found that two-thirds of consumers in the UK would find it easier and desirable to view all of their financial information in one place, highlighting the huge demand for open finance. However, when it comes to actually sharing the data, the challenge presents itself. While more than a third of respondents said they would be willing to share their financial data, which would enable these kinds of services, a similar number said they would not be willing to, and a quarter were uncertain.

Open finance stands to benefit everyday users in many ways. The Citizens Advice Bureau noted that in the UK, consumers are overpaying £3.4 billion in key areas including mobile, broadband, home insurance, cash savings and mortgages. A well-managed open finance initiative has the potential to drive innovation in financial wellness platforms, helping users understand their financial behaviours and how they could make improvements. This would also enable accessible financial advice, as advisors are able to gain a view of a person’s overall financial picture in a fraction of the time it currently takes.

Transparency and control are two key principles for any data sharing economy, and therefore essential for an effective and safe open finance environment. As it stands, users are required to grant separate consents to both the recipient and provider of their data, and sometimes to a third party as well. Though these levels of protection are laudable, the current user experience is highly procedural and can confuse the user to the point they abandon the consent experience. The requirement to grant multiple consents is at odds with the user experience of trying to achieve a singular cohesive outcome.

Could digital identities simplify the consent process and align consent with desired outcomes?

The UK’s National Data Strategy found that for data to have the most effective impact, it needs to be appropriately collected, accessible, portable, and re-usable. However, achieving this would likely involve enabling consumers to provide more overarching consent for data-sharing, whilst still maintaining stringent protections and avenues for redress. This is no easy feat, and there is still discussion between regulators and the industry on the best ways to achieve this.

The ideal situation is a single digital identity artifact with consent attributes that provides all parties in the data sharing transaction with enforceable evidence of the user’s explicit instructions. Once a digital ID is verified, data-sharing consents attributable to a person’s digital identity could enable them to assign consent to multiple parties involved in the data sharing process without experiencing the confusion and disruption that the current user journey typically entails.

Beyond simplifying the user journey, standardisation of certain consumer consents could enable users to incorporate ongoing consents to their digital ID, which would enable them to give permission to share their data with organisations in real-time or when they were not active in the user experience.

Another option is to leverage the current system of federated identity management providers by having those data providers become the sole identity provider for the transaction.  The Global Assured Identity Network is proposing just that, with ambitions to open the framework up across all sectors.

While this is a great opportunity with many upsides, there are many things standing in its way encompassing technical infrastructure, regulations, and conflicting points of view.

Provided there was a regulatory framework in place, these ongoing consents could also enable users to automatically share their data with new providers under specific circumstances. These sort of outcome-focused smart consents would enable many consumers to benefit from the data sharing economy and reap enormous benefits, without needing to engage too heavily with the procedural elements of data sharing.