58 Pages Posted: 28 Mar 2020 Last revised: 14 Apr 2021
Date Written: February 28, 2020
In recent years, “data privacy” has vaulted to the forefront of public attention. Scholars, policymakers and the media have, nearly in unison, decried the lack of data privacy in the modern world. In response, they have put forth various proposals to remedy the situation, from the imposition of fiduciary obligations on technology platforms to the creation of rights to be forgotten for individuals. All of these proposals, however, share one essential assumption: we must raise greater protective barriers around data. As a scholar of corporate finance and a scholar of corporate law, respectively, we find this assumption problematic. Data, after all, is simply information, and information can be used for beneficial purposes as well as harmful ones. Just as it can be used to discriminate and to embarrass, information can be used to empower and to improve. And while data privacy is often pitched at ending unauthorized data sharing, it all too often leads simply to the end of data sharing, period. This comes at a cost. Data silos can inhibit consumer choice, protect the positions of powerful incumbents, and reduce the efficiency of markets. The best example of these costs comes from the financial industry. For more than a century, banks and other financial institutions have built their information technology systems to keep financial records as private and non-shareable as possible. While security concerns can be a primary reason for such closed systems, banks also understand that financial data is an advantage that can protect them from market entry and competition. Banks can hold up consumers with unfavorable rates and inferior products as a result, and a set of market failures make it difficult for consumers to opt out. First, information asymmetries between consumers and financial institutions are large and difficult to resolve. Second, search and switch costs — the difficulty of finding out more information about the risks and benefits of financial products and of switching to a better financial service — are high in the financial industry. Finally, individuals struggle to take advantage of even simple financial strategies as they struggle to save, borrow, and invest. Data sharing can help resolve these problems. The emergence of a new regulatory and technological framework called “open banking” raises the possibility of consumers being able to task trusted intermediaries with automatically analyzing their financial data, nudging them to achieve their goals, and switching them to better products, all in order to reduce the substantial inefficiencies in their financial lives. There is one problem, however. A combination of market failure and regulatory ambiguity has led to a situation in which data is limited, siloed, and inaccessible, thereby preventing individuals from using their data in efficient ways. Ultimately, this Article contends, resolving these problems will require us to replace the clarion call of “data privacy” with a new, more comprehensive concept, that of “data autonomy,” the ability of individuals to have control over their data. Data autonomy would balance the need for data to be protected and secure with the need for it to be accessible and shareable. In this Article, we lay out a set of key principles that would grant individuals a legal right to data autonomy, including a right of ownership over data as well as obligations on institutions to safely share standardized and inter-operable data with third parties that consumers so choose. Perhaps counter-intuitively, the only way of expanding consumer welfare and protection today is by breaking down the barriers of data privacy.
Keywords: Open Banking, Data Privacy, Cyber-security, Fintech, Financial Regulation
JEL Classification: G21, G28
Suggested Citation: Suggested Citation