Thursday

23rd Nov 2017

Column / Brussels Bytes

Commission right to reject screen-scraping ban

  • The EBA claims that the technique, known as “screen-scraping,” raises privacy and security problems. (Photo: tofu_khai1980)

The European Banking Authority (EBA) recently proposed a ban on third-party financial services firms, such as those offering automated financial advice, from using software to automatically collect consumer data from banks.

Such a ban would limit innovation by enabling financial institutions to unfairly restrict their customers’ ability to share data with companies whose services often compete with those of the banks.

Thank you for reading EUobserver!

Subscribe now for a 30 day free trial.

  1. €150 per year
  2. or €15 per month
  3. Cancel anytime

EUobserver is an independent, not-for-profit news organization that publishes daily news reports, analysis, and investigations from Brussels and the EU member states. We are an indispensable news source for anyone who wants to know what is going on in the EU.

We are mainly funded by advertising and subscription revenues. As advertising revenues are falling fast, we depend on subscription revenues to support our journalism.

For group, corporate or student subscriptions, please contact us. See also our full Terms of Use.

If you already have an account click here to login.

The EBA claims that the technique, known as “screen-scraping,” raises privacy and security problems, but the European Commission has announced it intends to reject the EBA’s proposal, because the new payment services directive (PSD2) already deals adequately with these concerns.

The Commission should push ahead with its revisions, despite the EBA’s objections.

Pushing ahead

The EBA wants to ban screen-scraping in regulatory technical standards (RTS), rules that will accompany PSD2 when it comes into force in January 2018.

The EBA has legal authorisation to draft the RTS, subject to approval and amendment by the Commission.

To prevent fraud, PSD2 compels fintech companies - firms that use new technologies to offer financial services - to identify themselves to banks before accessing any data on behalf of customers, regardless of what data collection method they use.

Nevertheless, the EBA says data should only be accessible via the application programming interfaces (APIs) that banks must provide under PSD2, and not through screen-scraping, which scans what the customer sees when they log into their accounts and is harder for banks to control.

The Commission, however, rightly argues screen-scraping should still be allowed when APIs fail.

The EBA’s proposal will only work if fintech companies can be fully confident that banks’ APIs will unfailingly supply all of the data they need in order to provide services to customers.

If APIs stop working because of bugs in their code, are temporarily suspended due to new security threats, or simply fail to provide exactly the data the company needs and is otherwise available to its customers, then screen-scraping can sometimes work as a fallback.

But if screen-scraping becomes illegal, fintech companies’ ability to continue developing new data-driven services will depend on the competence and good faith of every single bank potential customers might use. That is a lot to ask, particularly when traditional banks compete with fintech companies to provide various financial services to customers.

Threat to fintech

A blanket ban would also threaten competition among banks and fintech companies, which policymakers intended to stimulate with PSD2.

PSD2 forces banks to open up their APIs to third parties, making it easier for customers to share their data and access new services. This rule is in the same spirit as the right to data portability in article 20 of the General Data Protection Regulation (GDPR), which the Council adopted six months after PSD2.

One reason why the EU came up with this rule was because so many banks have been slow to adopt open APIs, instead restricting data sharing to preferred partners - in turn limiting consumer choice and freezing out competition from fintech companies.

Yet now, the EBA wants to impose a ban on screen-scraping, which has enabled innovation in the fintech sector despite the unwillingness of the banks.

None of this is to suggest that screen-scraping is preferable to APIs. On the contrary: screen-scraping is only a failsafe.

Open APIs are a more efficient way of sharing data, as long as they reliably provide the same information customers can see when they log into their accounts.

In the future, APIs are likely to become the standard for the kinds of third-party services fintech companies provide, especially after PSD2 comes into force, and as businesses in other sectors expand their use of APIs as a way of complying with article 20 of the GDPR.

But, so far, banks’ resistance to change has forced fintech companies to rely on screen-scraping. It makes no sense to disallow this method now, when open APIs in the banking sector remain more the objective than the norm.

Instead, the RTS should allow screen-scraping when APIs fail to perform as they should.

If PSD2 succeeds in establishing reliable open APIs throughout the banking sector, then it will not be necessary to kill screen-scraping with pointless regulation: it will die a natural and peaceful death.

The Commission is on the right side of this argument. It should hold firm and push ahead with its intention to remove the proposed ban from the draft RTS.

Nick Wallace is a Brussels-based senior policy analyst at the Center for Data Innovation. His Brussels Bytes column deals with the digital single market and data-related policy issues in the European Union.

EU public lacks voice on banking laws

The complexity of financial laws and lack of NGO resources means the “man in the street” has little say on EU banking regulation, the EU Commission has warned.

Grim forecast for UK banks after Brexit

Banks will need up to $50 billion in extra capital and see higher costs of $1 billion to diversify out of the UK after Brexit, a top consultancy has said.

EU bans 'geo-blocking' - but not (yet) for audiovisual

Online retailers will no longer be able to discriminate against potential customers based on their location in the EU, but the phrase 'this video is unavailable in your region' will remain a common sight in Europe.

EU bans 'geo-blocking' - but not (yet) for audiovisual

Online retailers will no longer be able to discriminate against potential customers based on their location in the EU, but the phrase 'this video is unavailable in your region' will remain a common sight in Europe.

News in Brief

  1. Spain sends migrant arrivals to unfinished prison
  2. Iceland prepares for biggest volcano to blow
  3. Greek parliament postpones debate on Saudi arms deal
  4. Family of murdered Malta journalist to sue police
  5. UK to sell RBS bank stake, boosting government coffers
  6. December euro summit still on, Tusk confirms
  7. EU calls for end to Kenya election crisis
  8. Report: Israeli PM invited to meet EU ministers

Stakeholders' Highlights

  1. International Partnership for Human RightsEU Leaders Should Press Azerbaijan President to End the Detention of Critics
  2. CECEKey Stakeholders to Jointly Tackle the Skills Issue in the Construction Sector
  3. Idealist Quarterly"Dear Politics, Time to Meet Creativity!" Afterwork Discussion & Networking
  4. Mission of China to the EUAmbassador Zhang Ming Received by Tusk; Bright Future for EU-China Relations
  5. EU2017EEEstonia, With the ECHAlliance, Introduces the Digital Health Society Declaration
  6. ILGA EuropeFreedom of Movement For All Families? Same Sex Couple Ask EU Court for Recognition
  7. European Jewish CongressEJC to French President Macron: We Oppose All Contact With Far-Right & Far-Left
  8. EPSUWith EU Pillar of Social Rights in Place, Time Is Ticking for Commission to Deliver
  9. ILGA EuropeBan on LGBTI Events in Ankara Must Be Overturned
  10. Bio-Based IndustriesBio-Based Industries: European Growth is in Our Nature!
  11. Dialogue PlatformErdogan's Most Vulnerable Victims: Women and Children
  12. UNICEFEuropean Parliament Marks World Children's Day by Launching Dialogue With Children

Latest News

  1. Germany's Schulz under pressure to enter coalition talks
  2. LuxLeaks trial re-opens debate on whistleblowers' protection
  3. Wilders says Russia is 'no enemy' ahead of Moscow visit
  4. EU must put Sudan under microscope at Africa summit
  5. Mali blames West for chaos in Libya
  6. Orban stokes up his voters with anti-Soros 'consultation'
  7. Commission warns Italy over high debt level
  8. Mladic found guilty for Bosnia genocide and war crimes

Stakeholders' Highlights

  1. European Jewish CongressAntisemitism in Europe Today: Is It Still a Threat to Free and Open Society?
  2. Counter BalanceNew Report: Juncker Plan Backs Billions in Fossil Fuels and Carbon-Heavy Infrastructure
  3. Nordic Council of MinistersNordic countries prioritise fossil fuel subsidy reform
  4. Mission of China to the EUNew era for China brings new opportunities to all
  5. ACCASmall and Medium Sized Practices Must 'Offer the Whole Package'
  6. UNICEFAhead of the African Union - EU Summit, Survey Highlights Impact of Conflict on Education
  7. Nordic Council of MinistersNordic Council Calls for Closer Co-Operation on Foreign Policy
  8. Swedish EnterprisesTrilogue Negotiations - Striking the Balance Between Transparency and Efficiency
  9. Access EuropeProspects for US-EU Relations Under the Trump Administration - 28 November 2017
  10. Nordic Council of MinistersSustainable Growth the Nordic Way: Climate Solutions for a Sustainable Future
  11. EU2017EEHow Data Fuels Estonia's Economy
  12. Mission of China to the EUChina and EU Step Up Water Management Cooperation