Consumer Data Protection: Can the U.S. FinTech Industry Solve the Problem?
There have been two main players to date when it comes to consumer data protection, or, rather, the lack thereof. There are companies, largely Big Tech, that want to harvest and sell consumer data, and there’s the government which is attempting to regulate it.
But there needs to be a third: the consumer. When it comes down to it, we’re seeing that action at the regulatory level will not solve consumer data protection issues alone. Consumers must have a seat at the table, especially since the proliferation of technology has led to more harmful data practices. They need a meaningful role and to be invested in the solution so they can influence the outcome.
A new business model might be the key here, and the FinTech industry is uniquely equipped to be at the forefront of consumer data protection. In my role as a legal professional working in FinTech, I’ve had a firsthand look at the potential transformation the industry could bring to consumer data. FinTech, a leading disruptor of multiple industries, draws in the types of entrepreneurs, innovators and financiers that could bring in the complex and novel thought needed to tackle this giant problem.
Let’s take a step back and look at the current consumer data protection regulatory and legal landscape. The fact is there’s no single, comprehensive federal law that regulates personal data collection and use in the U.S. Instead, data protection at the federal level is governed by a patchwork system of laws that are meant to regulate industries — not the collection and use of consumer data.
At the state level, only a handful have consumer data protection laws. Opponents of state-specific laws argue that they stifle innovation for businesses that operate nationwide. So, there has been a push to pass a federal consumer data protection law, but there’s concern that it would be a watered-down (perhaps toothless) version of the California Privacy Rights Act. This wouldn’t help the consumer.
Currently, when a regulator brings an action against a company for violating consumer protection requirements, it often results in a settlement where the company pays a fine. The unfortunate reality is that this has become a part of the cost of doing business. The cost in fines is worth the revenue generated by the “unfair or deceptive” business practice. This type of regulation isn’t helpful to the consumer either.
FinTech on the other hand is regulated at both the state and federal level, depending on the specific products and services being offered. There are two specific FinTech offerings that could advance consumers’ privacy needs: tokenizers and blockchain technology. While blockchain isn’t FinTech on its face, it is useful in enhancing the security of consumer data.
The Rolling Stone Culture Council is an invitation-only community for Influencers, Innovators and Creatives. Do I qualify?
Tokenization takes sensitive data and replaces it with a unique identification that keeps essential info safe without compromising security. Apple Pay, for example, is a generator of proxy tokens, which are tokens that derive value from an underlying asset that it represents. It sends payment instructions but it does not receive or hold any of the money being processed. In other words, when a consumer uses Apple Pay at a store, the consumer is presenting a token to the merchant rather than their financial information.
Blockchain, put simply, is a peer-to-peer decentralized digital ledger that stores data. Regardless of how it is used, blockchain implementations share several core elements that make it a helpful tool for FinTech to securely collect, process and store consumer data.
There are, of course, some potential challenges to consider with blockchain. For one, the fundamental concept behind blockchain — the peer-to-peer network — makes it difficult to figure out who the data controller and processor are under applicable data privacy laws. And, as data protection laws are increasingly designed to help people get some measure of control over their personal data — including the right to correct or erase data — it’s worth pointing out that currently it’s not possible to erase blockchain blocks. But, despite these potential drawbacks, blockchain compliance with data protection laws is possible.
So, what is the solution for consumer data protection? I believe consumers should have the right to decide what becomes data and what remains a personal private experience. I think we need a new business model that protects consumers but continues to allow data to be used to enhance our lives, communities and societies. That was the original promise of the digital age — and it still remains within reach. A new business model would allow consumers to take back control. It would have three key customers: consumers, marketers and platforms.
Consumers would own their data and utilize tools that would feed data to their “data vault.” Marketers could then lease whatever data the consumer makes available to them — and then target highly effective ads back to the consumer. Platforms would pass collected consumer data through to the data vault, and would maintain access to the necessary data needed to perform its services.
In this system, all data would be tokenized, and blockchain would be the most secure means to facilitate interactions between different parties. Probably the most exciting part of this model is that it is consumer focused and managed. This really puts control back into the hands of the consumer and uses Web 3.0 to fulfill the promise of what the digital age should have been. It’s time for consumers to take their rightful seat at the table.