Can We Expect a PSD2 Moment in Data?

With our hands on background in financial services and fintech, I often think what parallels can we draw from changes in fintech to what we can expect with data. It’s hard to remember, that Stripe, Apple Pay, Blockchain, Coinbase —but these didn’t exist in the mainstream 10 years ago.

Are we going to see large scale disintermediation similar to what we saw in fintech?

The revolution of open banking and fintech disruption was based on open access to customer data and requirements of data portability. The EU has signaled strongly its policy toward portable data. Will we see a similar forced hand in the market, leapfrogging into a new reality with truly portable data?

New Opportunities with Open Data. (Image Credit: James Turrell)

In hindsight, the impact of the European Commission’s Revised Payment Services Directive 2 (PSD2) was clear. It was intended as a framework to increase competition and participation also from non-banks (read fintech), and to level the playing field by harmonizing consumer protection and the rights and obligations for market participants. What does this have to do with data?

Well, PSD2 actually worked incredibly well in disrupting the entire financial services sector and creating an environment where new services could be built on the ‘banking rails’ and, maybe, more importantly, banking data. Lo and behold the user experience and innovation in the methods of providing services meant that users flocked to new fintech companies that took advantage of this shift in policy and created marketplaces, lenders, savings banks, trading apps and so on, at your fingertips, on your cell phones, in ways we hadn’t seen before.

The disruption with PSD2 was far further than simple access to data, it was a fundamental shift in who offers the consumer interface (which banks had a long history of “controlling”) and further, it required specialized business models that were no longer built on assumed captivity, but rather value and the recognition, that with a few clicks, the customer can migrate to another service provider that does the job better.

The EU is building its policy on the heels of the successful implementation of the General Data Protection Regulation, GDPR, which enshrines the users’ personal data as something that they have rights to, something they have control over and something they own. GDPR is still making its way past mere discussions of popups and managing consent, and we are bound to see more innovation beyond better disclaimers, but the EU is already working on its next legislation and policies for the years to come.

GDPR also already has language around data portability, which has become a huge topic for discussion and it seems the EU is making it one of its flagship priorities for the 2020s tech policy. What could this mean?

1. Consumer-focused innovation. Something often overlooked in financial services, the era also saw innovation such as mobile pay (e.g. Apple and Apple Watch Pay) and free Facebook messenger payments. Data services are often very business to business, and direct to consumer personal data applications is going to be a game-changer.
2. Developer-focused platforms. Catalyzing innovation in fintech were several companies focused directly on the developer, whether it was a Stripe’s payment platform, Coinbase’s framework for crypto companies, Difitek’s API-first back-office to build new fintech marketplaces, many companies sought to further speed up adoption of new models through the introduction of easier and more efficient building blocks.
3. Framework for data portability and forced access for market participants. We can expect to see policy directed at the data platforms, to open up access in a way that the customer can export theirs. With PSD2 the EU designed high-level description of how implementation would work and with so many silos of data, it is an approach we can expect to see again.
4. Specialization of data services. With PSD2 we saw new entrants provide new solutions (free trading by Robinhood), novel ways of delivering rudimentary services (savings accounts by Goldman Sachs’s Marcus). With data, we can expect new entrants to provide more valuable personal experiences and products that build directly on this portable data, and start to outcompete certain vertical services from their big, giant competitors.
5. Novel technical innovations, on one end with distributed ledger solutions in line with the Bitcoin and Ethereum blockchain, and on the other with automated compliance solutions such as running anti-money laundering (AML) checks on millions of users dynamically using webhooks and serverless frameworks. Portable data brings fundamental technical innovations to the realm of possibility, with local data on edge devices, we can create solutions where local data processing allows richness and advancements that are beyond centralized data models.

PSD2 was just in Europe, right? Sure, although that’s too simple in a connected world. In practice, it changed the behavior of every global institution when it became effective in 2018. GDPR has already had a fundamental impact on businesses around the world and the direction is clear, to the extent companies themselves are already working on the future with portable data and, on the other hand, without third party cookies.

PSD2 did not come alone but rather followed by policies such as MIFID2. Ask any banker about these and their experiences, and they are likely to pale just slightly or become visibly nauseous. GDPR is in effect, and now so is CCPA here in California. This reminds us that not only is this focus to data privacy and portability as fundamental as PSD2 was. Data is also fundamentally global from the start and cross-industry, which can make its impact beyond comparison to what gave us some of the world’s greatest innovations in financial services.

Financial services is a gigantic market and like data, they both touch every market. Data is also growing in importance each day. We may well have a distributed data market in the future, where developers hold the keys, keys that policymakers like the European Commission give them.

If you have the keys, what will you build?