European open finance report pays insufficient attention to fundamental rights

In October 2022 an interesting report on open finance by the Expert Group on European Financial Data Space was published. The essence of ‘open finance’ is that citizens share all their financial transaction data with commercial parties. That will enable these commercial parties to develop new products based on the same kind of ‘personalisation’ as already is common in the advertising industry.

Open finance will also encourage the outsourcing of government functions to the private sector, as is already happening with crime fighting, also known as ‘anti-money laundering’ (outsourced to payment service providers and banks), even though this subject is not mentioned in the report.

The report focuses the way data sharing can take place. Even though the data minimisation principle is mentioned [1], the report does not address whether that principle can be met in open finance.

The report discusses the liability system, while much more important is that all parties involved in open finance ecosystem are permanently screened, regularly audited and there is a proper signalling system. After all, liability must be prevented. Fundamental rights play a lateral role, as this text on page 52 makes clear:

However, while use of both non-traditional/unstructured data and traditional data can improve scoring models’ predictive power (thus producing a better outcome for thin file consumers willing to ask for a mortgage), it also raises some privacy issues.

some privacy issues‘ is a severe understatement…


One of the problems of open finance is going to be that those who do not want to join and let their personal data being harvested, will pay higher prices. More personal information, both financial as non-financial, shall enable companies to do cherry picking, also in types of services where the solidarity principle should play a major role (e.g. insurance).

And of course discrimination en exclusion are a risk, that now already is apparent as a result of the anti-money laundering (AML) and countering terrorist financing (CFT) measures financial institutions implement. In the report it is mentioned that some people have ‘a higher risk profile’, without addressing how such a risk profile is established, the same applies to “Positive and negative behaviour held by credit bureaus” (page 60). The tendency will also be that customers that have ‘a higher risk profile’ get services only if they allow in-depth monitoring.

Data brokers, like the members of Febis (see below), will play a major role in the open finance ecosystem and will make it impossible for customers to know what happens to their data, as currently already is the case with Big Tech companies like Facebook, Google and Microsoft and all the other opaque advertisement companies.

Read on the data brokers (page 38):

An open finance ecosystem also places emphasis on the role of Data Brokers, including third party providers, which may act both as providers of services and information brokers. The relevant Data Brokers include PSD2 TPPs dedicated platforms, business data management vendors and verification providers, and independent and neutral automotive gateway administrators. In mortgage market, an important role is also undertaken by tied and independent credit intermediaries (the criteria for extended knowledge and assessment of market offers applicable mainly to independent intermediaries) and insurance intermediaries with part of their functions resembling the role of Data Brokers.

Data from various data sources, including government data, are brought together in open finance, posing major data protection risks, read also on page 38:

Relevant data holders for an open finance framework could also include public bodies (social security, tax authorities, land registries), credit registers and bureaus, private companies (utility and telco companies, ecommerce platforms, supply chain platforms/ online marketplaces holding data required for SME financing).

The report stresses the importance of consumer rights and data protection, but in my impression not enough is being done about it. Is that because Europe fears American Big Tech companies that are already entering the financial markets and that analyse browsing behaviour, email etc (like Google does)?

When examples of open finance products are mentioned, it is clear where things are heading:

Creditworthiness assessment and monitoring (loans, mortgage):

  • Institutions and creditors want very comprehensive financial personal data, both for assessing the application and in monitoring compliance with the terms of the loan. Even though the application process is bothering the client, it will be the creditors who benefit from the large amounts of personal data that become available.
  • Open finance makes it possible to get behavioural information about customers, referred to as ‘non-traditional information’ in the report. Examples are psychometric questionnaires (open finance enables to test these questionnaires on large scale), that look for personality traits like optimism, confidence, self-awareness and locus of control. Should we want open finance companies to engage in personality surveys (even if advertising companies do so on a large scale)? The report mentions (page 52) that Big Tech companies may be able to detect that a divorce is imminent, which may affect compliance with mortgage obligations.
  • It will be easier for credit providers to obtain governmental data if governments join the open finance system, e.g. historical tax data, social security data, public grants. For these providers data on the use of energy, water and communication data are also interesting to get a full picture of the client [2].
  • The use of open finance applications in trade finance makes it easier for financial institutions to comply with their AML/CFT (trade-based money laundering) obligations in relation to their clients. (Not mentioned in the report.)

Financial advice:

  • The report argues that open finance may facilitate provision of high-quality financial advice, again based on large quantities of personal data. I do not think this matters much for the rich, but perhaps that type of advice will become cheaper and the upper middle class can use it more often. My impression is that this is a small niche market.


  • Personalised insurance: detailed financial data on the insured, in addition to all the other data already obtained, makes it possible to accept only low risks (“Because of better and more granular risk selection (for example in insurance)“).
  • In-vehicle data sharing: the chapter on this subject shows that not only insurers may collect more information to assess their risks and improve safety. This type of real time data sharing enables insurers and other relevant parties (like governments) to direct the behaviour of people:

More and more tailor-made products are being offered based on driving styles, as well as awarding more favourable tariffs to lower-risk drivers. The claims frequency of vehicles equipped with telematics devices is significantly lower than that of vehicles without such technology. This is even more true for young drivers. Those who are aware that they are being monitored adopt a more careful driving style.

The examples show that primarily companies benefit and that people and SMEs are becoming completely transparent, especially when the information of advertising companies is combined with financial information.

Even more dangerous is dat the behaviour of people will be directed through open finance, what may serve good causes. For that reason, restraint should be execised when companies apply such techniques, especially if this is going to take place on large scale.

Benefits for citizens?

While the report argues that there would be benefits for citizens from open finance and that their fundamental rights will be respected, it is clearly visible that the acquisition by companies through open finance of large amounts of financial personal data mainly serves the interests of companies and governments. This can also be inferred from the fact that organisations of data brokers and financial firms in particular have shown interest in the report, like Febis (databrokers) and EBF (banks).

Is Europe digitally mature enough?

In this context, it is important to note the European government’s failure to address data protection issues. There is insufficient enforcement, there are no audit systems and large-scale data breaches are constantly being reported. The big question is whether Europe is ready for large-scale sharing of financial personal data. This is reflected in the factual summary report of the open finance public consultation in 2022, see paragraph 3.4 (marking by me):

The majority of citizens respondents argued that financial service providers holding data should be obliged to share them with other financial or third-party service providers, if consumers have given their consent or agreement (55%, 30 out of 55 replies). However, citizen respondents are concerned to share financial data due to a lack of trust which stems from concerns over privacy, data protection and digital security, and a generalised sense of not being able to control how their data is used. An overwhelming majority of citizens responding to the public consultation believe there are security and/or privacy risks in giving service providers access to their data (84%, 46 out of 55 replies). Moreover, most citizen respondents do not believe that financial service providers that hold their data always ask for consent before sharing those data with other financial or third-party service providers (57%, 26 out of 46 replies).

Final remarks

Though fundamental rights are mentioned, the report mainly is written for the benefit of the larger companies and governments. They will profit from large amounts of financial data and other data regarding natural persons and SMEs. The key problems that are created for citizens by large-scale data processing, by risk profiling systems and the opacity caused by the involvement of so many parties, are not sufficiently addressed.

Instead of making transparent citizens and SMEs, open finance and other digital tools should be used to make large companies and governments transparent.



[1] Page 13: “Principles of data minimisation – limiting processing of data to what is necessary – must also be adhered to.

[2] Page 59:

Basic services:
Energy, water and communication suppliers’ data are early indicators of an SMEs activity, e.g., in industries, an increase in electricity and water consumption indicates an increase in production and, possibly, future sales.


More information:

The report of the Expert Group on European Financial Data Space:

  • Report of the Expert Group on European Financial Data Space. The views reflected in the report are the views of the members of the expert group only.
  • Announcement of the report on the website of the European Commission, 24 October 2022.
  • Page of the expert group on the site of the European Commission.

Factual summary report open finance consultation:

  • Factual summary report PSD2 and open finance public consultation, October 2022, te be found on this page under ‘Summary report’.

Data brokers on the report:

Financial sector on the report:

Over Ellen Timmer

Weblog: ||| Microblog: ||| Motto: goede bedoelingen rechtvaardigen geen slechte regels
Dit bericht werd geplaatst in English - posts in English on this blog, Europa, Financieel recht, onder meer Wft, Wtt, Fraude, witwasbestrijding, Wwft, Grondrechten, ICT, privacy, e-commerce en getagged met , , , , , , , , , . Maak dit favoriet permalink.

Geef een reactie

Vul je gegevens in of klik op een icoon om in te loggen. logo

Je reageert onder je account. Log uit /  Bijwerken )

Facebook foto

Je reageert onder je Facebook account. Log uit /  Bijwerken )

Verbinden met %s