Though the GDPR is a European data protection law, its reach extends far beyond the Union’s borders. Any company that uses a European citizen’s data, regardless of its scope or industry, is held to its regulations. That means the GDPR applies to revolutionary FinTech startups just as much as it does to international banks. As an industry declared the forefront of the financial world, FinTech has enjoyed relatively free rein to innovate, until now. With the GDPR enacted, FinTech can expect changes in how it operates.
GDPR empowers European consumers
The law, which can be read in full here, prioritizes transparency in data usage. It forces companies to clarify their policies so it’s clear how they intend to use personal data like contact information, IP addresses, and other online identifiers. Under the GDPR, companies can’t hide clauses and further details of their data policies in fine print or overly complicated jargon. They have to make it obvious how they intend to use data, especially for online ads. So far, the law only protects citizens of the EU, giving them the power to offer informed consent when agreeing to online terms and conditions and the ability to revoke it at any time.
Companies that collect European data must comply with the GDPR, even if that data is processed or stored in North America. Companies that breach this law face steep consequences, including fines representing four percent of their annual global revenue.
The GDPR is a forecast of future policies.
Despite its global impact, the GDPR only protects Europeans for now; however, cybersecurity experts believe policymakers in other countries will use the GDPR as a basis for new data-handling laws. Sheila Colclasure, Global Chief Data Ethics Officer and Public Policy Executive at Acxiom, says the GDPR “will set the tone for data protection worldwide for the next ten years.”
It’s already happening in North America. In June, the Government of Canada released its National Cyber Security Strategy, signifying the country’s first step towards updating its 18-year-old online data privacy laws. And though there are no policy updates in the pipeline for American privacy legislation, there is significant pressure from individuals and businesses to modernize the country’s data protection infrastructure.
Some proponents of FinTech are wary.
FinTech is a broad category of varied mobile technologies, ranging from online loan services to investment apps. Though they differ in many ways, they’re united by their innovative approach to financial services. FinTech startups are responsive and adaptable. They’re capable of adjusting to market needs and customer expectations rapidly.
When retail branches toddle towards policy change, FinTech startups sprint; they enjoy a considerable lead because they aren’t subject to the same rules regulating traditional financial institutions. Their speed is partly what sets them apart from the conventional banking model. While retail banks like Wells Fargo and Chase must follow the Basel Accords (a supervisory mandate that limits risk by ensuring policies support sustainable growth), FinTech doesn’t have the same all-encompassing, industry-specific regulation. FinTech startups are only subject to the same basic online privacy laws that apply to any online service.
Many FinTech investors believe strict regulations akin to the GDPR would be a handicap in the race for market share. Once beholden to elaborate rules, US-based FinTech may not be able to take the same innovative leaps its customers know it for.
Others already embrace a self-regulatory framework.
Considered by some to be the wild west of the financial world, FinTech has no official regulations. Still, like those pioneer towns that established governments and other infrastructure, many of the founding startups adopt progressive policies as a show of good faith to their customers. FinTech’s good governance, including transparent data terms, is mutually beneficial. Robust cybersecurity simultaneously protects non-European consumers’ online privacy and improves startups’ reputations when they meet customer expectations. They also avoid costly legal problems when they adhere to the existing US privacy laws should cyberattacks target their business.
It’s essential as FinTech positions itself as a challenger of traditional financial services for the youngest generations. Studies show that Millennials and Generation Z value simplicity on par with their need for quick, responsive mobile services. More than older generations, they’re suspicious of services that use jargon that complicates or confuses things.
As a result, American-based FinTech is already leading the pack with simple, easy-to-understand bank-level security measures. For example, an online lender like MoneyKey uses industry-standard SSL encryption when collecting and storing customer data. Whether their customers get an online payday loan via their website or mobile app, this online lender explains the terms and conditions of this security in clear, concise language. Similarly, an investment app like Wealthsimple uses 256-bit SSL certificates to protect any information transmitted between its customers and servers. Billed as a convenient way to invest, it employs the same kind of no-nonsense language when describing its services and policies.
Though not as exhaustive or official as the GDPR, these FinTech examples show a gradual change in how companies collect and use data. Right now, it may only be a combination of outdated privacy laws and acts of good faith that encourage US FinTech companies to protect their customers. But soon, new regulations influenced by the GDPR will roll out, causing American-based companies — FinTech or otherwise — to collect and use data more transparently.