Financial Conduct Authority  

FCA boss warns of data rules impact

FCA boss warns of data rules impact

The chief executive of the Financial Conduct Authority has warned of the danger of consumers not understanding the impact of handing out their data after new European rules come into effect next week.

Speaking in advance of the implementation of the General Data Protection Regulation, which takes place on 25 May, Andrew Bailey said one of the requirements of the new rules is when consumers consent to a company holding or processing their data, this must be "freely given, unambiguous and informed".

He warned of the fact that many consumers don't understand the value of their personal data and do not really provide informed consent when they pass their data on to a company.

Article continues after advert

Mr Bailey cited research carried out for the Financial Services Consumer Panel that found most people do not read terms and conditions in any detail - at best skimming them - and instead rely on the "wisdom of the crowd".

He said the consequences of this could be that people assume their responsibility for their decisions can be transferred to regulators such as the FCA or the Information Commissioners' Office, which is responsible for General Data Protection Regulation.

He said: "If you don't look at terms and conditions, what do you rely on to make these choices?

"The answer is a form of what can be called the presumed wisdom of the crowd and third parties with a particular role to play, including regulators.

"In this, there is a high degree of social acceptance which draws on pre-existing assumptions of sources of protection.

"Thus, online reviews are an assumed source of protection, and therefore assumed to be unbiased. The regulatory environment shapes the form and scope of customer trust, and here I define regulation broadly.

"But it turns out that when probed, awareness of the specifics of the regulatory environment is at best very general.

"The risk here is immediately apparent, namely that the presumed compensating factors for the absence of scrutiny of the consent decision are not as well understood as they should be in that situation.

"Responsibility is therefore assumed to be transferred to a combination of suppliers and public bodies."

Mr Bailey said this meant regulators should base their protections on assuming that consumers do not know how to value their data.

He warned that "shocks" - such as massive data hacks or misuse incidents - could undermine the credibility and value attached to data processing itself, meaning public attitudes could change towards data and companies which use data.

Jason Witcombe, director of Evolve Financial Planning, said: "As an industry we have had very high standards of data protection given the sensitive nature of that data.

"People's financial data is probably akin to their medical information.

"So I think the impact on us is probably a lot smaller than for some other industries."