Though it is a European data protection law, its umbrella of power extends far beyond the union’s borders. Any company that uses a European citizen’s data, regardless of its scope or industry, is held to its regulations. That means the GDPR applies to revolutionary FinTech startups just as much as it does to international banks. As an industry declared the forefront of the financial world, FinTech has enjoyed relatively free rein to innovate until now. With GDPR enacted, FinTech can expect changes in how it operates.
GDPR empowers European consumers
The law, which can be, prioritizes transparency in data usage. It forces companies to clarify their policies, so it’s clear how they intend to use personal data like contact information, IP addresses, and other online identifiers. Under the GDPR, companies can’t hide clauses and other details of their data policies in fine print or overly complicated jargon. They have to make it obvious how they intend to use data, especially in conjunction with online ads. So far, the law only protects citizens of the EU, giving them the power to offer informed consent when agreeing to online terms and conditions and the ability to revoke it at any time.
Companies that collect European data must comply with the GDPR, even if the data is processed or stored in North America. Companies that breach this law face steep consequences, including fines representing four percent of their annual global revenue.
The GDPR is a forecast of future policies.
Despite its global impact, the GDPR only protects Europeans for now; however, cybersecurity experts believe policymakers in other countries will use the GDPR as a basis for new data-handling laws. Sheila Colclasure, Global Chief Data Ethics Officer and Public Policy Executive at Acxiom, says the GDPR “willfor data protection around the world for the next 10 years.”
It’s already happening in North America. In June, the Government of Canada released its, signifying the country’s first step towards updating its 18-year-old online data privacy laws. And though there are no policy updates in the pipeline for American privacy legislation, there is significant pressure from individuals and businesses alike to update the country’s data protection infrastructure.
Some proponents of FinTech are wary.
FinTech is a broad category of varied mobile technologies, ranging from online loan services to investment apps. Though they may differ in many ways, they’re united by their innovative approach to financial services. FinTech startups are responsive and adaptable. They’re capable of adjusting to market needs and customer expectations rapidly.
Their speed is partly what sets them apart from the traditional banking model. When retail branches toddle towards policy change, FinTech startups sprint; they enjoy a considerable lead because they aren’t subject to the same rules regulating traditional financial institutions. While retail banks like Wells Fargo and Chase must follow— a supervisory mandate that limits risk by ensuring policies support sustainable growth — FinTech doesn’t have the same all-encompassing, industry-specific regulation. These startups are only subject to the same basic online privacy laws that apply to any online service.
Many FinTech investors believe strict regulations akin to the GDPR would act as a handicap in the race for market share. Once beholden to elaborate rules, US-based FinTech may not be able to take the same innovative leaps its customers know it for.
Others already embrace a self-regulatory framework.
Considered by some to be the wild west of the financial world, FinTech has no official regulations. Still, like those pioneer towns that established governments and other infrastructure, many of the founding startups adopt progressive policies as a show of good faith to their customers. FinTech’s good governance, which includes transparent data terms, is a mutually beneficial practice. Robust cybersecurity protects non-European consumers’ online privacy; simultaneously, it improves startups’ reputations when they meet customer expectations. They also avoid costly legal problems when they adhere to theshould cyberattacks target their business.
This is essential as FinTech positions itself as a challenger to traditional financial services for the youngest generations. Studies show that Millennials and Generation Z value simplicity on par with their need for quick, responsive mobile services. They’re suspicious of services thator confuses things more than older generations.
As a result, American-based FinTech is already leading the pack with simple, easy-to-understand bank-level security measures. An online lender like MoneyKey, for example, uses industry-standard SSL encryption when collecting and storing customer data. Whether their customers get anvia their website or mobile app, this online lender explains this security’s terms and conditions in clear, concise language. Similarly, an investment app like Wealthsimple uses 256-bit SSL certificates to protect any information transmitted between its customers and its servers. Billed as , it also employs the same kind of no-nonsense language when describing its services and policies.
Though not as exhaustive or official as the GDPR, these FinTech examples show a gradual change in the way companies collect and use data. Right now, it may only be a combination of outdated privacy laws and acts of good faith that encourage US FinTech companies to protect their customers. But soon, new regulations influenced by the GDPR will roll out, causing American-based companies — FinTech or otherwise — to collect and use data with more transparency.