ESBG releases updated position on proposed EU data protection legislation

EU data protection legislation would benefit from consumer-centric focus to data protection, according to a new ESBG positon paper.









​​BRUSSELS, 16 July 2015 ​– EU data protection legislation would benefit from consumer-centric focus to data protection, according to a new positon paper​ released today by savings banks trade body ESBG.  The three-page document acknowledges the sensitive nature of consumer data, arguing a need for balance between consumer protection and sound banking practices in eight areas of the awaited legislation that its members see need to be specifically hashed out by the EU Commission, Council and Parliament this autumn.  An update of the ESBG’s previous position released in 2012, it factors in recent published proposals by trilogue bodies. 

Balancing need to protect customer with bank security, harnessing big data
More specifically, ESBG sees the need for credit scores to remain part of the lender assessment toolbox, which the Parliament proposal seeks to prohibit. Outlined in Article 20 of the legal text on profiling and information provided to customers, certain data held by savings and retail banks on a client –  a “data subject” in legalese – should be allowed to be harnessed for big data use. Clients should have the right to “opt out”, a concept tabled in a European Parliament report and supported by ESBG, giving the client the right to object to their information. Either the savings banks-backed opt-out proposal or the Commission- and Council-led opt-in rule, which the ESBG paper opposes, should not apply if profiling is requested by law. Anti-money laundering or combatting fraud are two examples. This point needs to be explicit in the regulation, ESBG posits.

Data: a precious resource
Moving client data, a precious asset in the cut-throat banking landscape, from one competing bank to another is also a touchy point for ESBG members. The group calls for removal of a “data portability”  loophole contained in the Commission’s proposed legislation – Article 18, paragraph 2.  Data should stay with that bank who collected them, it argues, due to not only confidentiality but also competitive factors. 

Trialogue talks on data protection rules, which started shortly before the summer break, will pick up speed in September and are scheduled for conclusion by December.



Regulation; Data protection and data privacy; European Institutions; European Supervisory Authorities (EBA-ESMA)