Overview of Emerging Data Governance Structures Prepared for ABAC - - PowerPoint PPT Presentation

▶

Nov 13, 2023 282 likes •442 views

Overview of Emerging Data Governance Structures Prepared for ABAC Patrick Walker 20 June 2018 CONFIDENTIAL AND PROPRIETARY Any use of this material without specific permission of PERC is strictly prohibited Contents Context EU ANA

SLIDE 1

Overview of Emerging Data Governance Structures

Patrick Walker 20 June 2018

Prepared for ABAC

CONFIDENTIAL AND PROPRIETARY Any use of this material without specific permission of PERC is strictly prohibited

SLIDE 2

Privileged & Confidential |

▪Context

▪EU

– ANA Credit – GDPR – PDS2

▪US

– ODI – Data privacy/security (new framework)

▪APEC

– CBPRs

▪Conclusion

– Take-away for APEC

SLIDE 3

Privileged & Confidential |

Drivers of Reform

▪Technological innovations

– Render obsolete existing regs

▪2008 Financial Crisis

– PCRs exposed as inadequate

▪2013 NSA/Wiki-leaks

– Caused international furor

▪2017 Equifax data breach

– Data security in regulators cross-hairs

▪2018 Facebook

– Elevated data privacy as policy issue

SLIDE 4

Privileged & Confidential |

Move to Open Data Access BUT Emphasize Privacy & Security

▪ Not new

– Started with government data – Slowly spreading into private sector

▪ Perception of less competition

– Many industries are oligopoly or monopoly

▪ Pressure from new entrants

– FinTech are effectively securing open access – NGOs, multilaterals about to enter fray

Market failures abound in data. Expect more government support for open access.

SLIDE 5

Privileged & Confidential |

▪Context

▪EU

–ANA Credit –GDPR –PSD2

▪US

– ODI – Data privacy/security (new framework)

▪APEC

– CBPRs

▪Conclusion

– Take-away for APEC

SLIDE 6

Privileged & Confidential |

ANA Credit

▪ ECB’s shared multi-purpose database

– Detailed info on bank loans across EU – Harmonized across member states

▪ Integrated/streamlined bank reporting

framework – Aims to improve data quality and reduce reporting

burden

– For monetary policy analysis and operations, financial

stability surveillance, risk management.

▪ Commercial credit data only.

– Much more granular view (loans 25k Euros and up) – Begins Sept 2018 in full force 2020.

Seeks to enhance NCBs risk data aggregation capabilities and risk reporting practices.

SLIDE 7

Privileged & Confidential |

General Data Protection Regulation (GDPR)

▪ 1 set of data rules for EU

– Extra-territorial owing to adequacy requirement – Creates foundation for single digital market – Create an even playing field for controllers ▫ One stop shop ▫ Same rules in every country ▫ Data Protection Board that would force harmony

▪ Implementation fraught with problems

– Agencies lack authorizing laws, funding, capacity, skills – Companies do not have policies to comply, skills – Individuals do not understand new rights – Effective May 25th after two years of preparations

Data protection is broader than privacy— right for data to yield long and healthier life

SLIDE 8

Privileged & Confidential |

Payment Services Directive 2 (PSD2)

▪ Single market for payments

– Took effect 1/13/2016, applicable 1/13/2018.

▪ 3 Key Change from PSD1

– Extend the Directive’s scope – Strengthen security and customer

authentication requirements

– Introduce TPPs (3rd party providers), license

and supervise them.

▪ It’s about competition

– Designed to crush bank monopoly on data – Driven by FinTech and fueled by general

antipathy toward banks

Open Banking Initiative expands logic of PSD2 to broader set of data and players.

SLIDE 9

Privileged & Confidential |

▪Context ▪EU

– ANA Credit – GDPR – PDS2

▪US

–ODI

▪APEC

– CBPRs

▪Conclusion

– Take-away for APEC

SLIDE 10

Privileged & Confidential |

US Open Data Initiative (ODI)

▪ Driven by tech change

– Screen scrapers and other FinTech accessing

data.

– Banks complain of “wild, wild, West”

▪ CFPB Issues Principles (Oct 2017)

– Consumer-authorized data sharing market – Based on OECD Fair Information Principles

▪ It’s about competition

– Recognizes data subject as owners of data – Banks remain gate-keepers for API access ▫Chase/Intuit ▫Wells/Finicity and Xero

Banks opening up access but picking winners—compromise solution.

SLIDE 11

Privileged & Confidential |

▪Context ▪EU

– ANA Credit – GDPR – PDS2

▪US

– ODI

▪APEC

–CBPRs

▪Conclusion

– Take-away for APEC

SLIDE 12

Privileged & Confidential |

Cross-border Privacy Rules (CBPRs)

▪ Designed to remove barriers and enable

commerce – Single framework for exchange of personal information – Currently 5 member economies participating (Canada,

Japan, Republic of Korea, Mexico, United States)

▪ APEC Electronic Commerce Steering Group

expanding application of CBPRs – EU Binding Corporate Rules/CBPRs common

referential established

– CPBR being considered as certification under EU

GDPR

Barriers to data flows being removed within and among advanced economies.

SLIDE 13

Privileged & Confidential |

▪Context ▪EU

– ANA Credit – GDPR – PDS2

▪US

– ODI

▪APEC

– CBPRs

▪Conclusion

–Take-away for APEC

SLIDE 14

Privileged & Confidential |

Thriving In Dynamic Data Ecosystem

▪ Data as an opportunity

– Just scratching surface, barriers only now

coming down.

– Data in and data out

▪ Change is happening

– It is fast and furious – Emanates from unrelated quarters – Increased government efforts to open access

▪ It’s evolution

– Adapt or die – Data tools there to help survive and prosper

Must prioritize data strategy—using internal and external resources

SLIDE 15

Overview of Emerging Data Governance Structures

Contents

▪Context

▪EU

▪US

▪APEC

▪Conclusion

Drivers of Reform

▪Technological innovations

▪2008 Financial Crisis

▪2013 NSA/Wiki-leaks

▪2017 Equifax data breach

▪2018 Facebook

Move to Open Data Access BUT Emphasize Privacy & Security

▪ Not new

– Started with government data – Slowly spreading into private sector

▪ Perception of less competition

– Many industries are oligopoly or monopoly

▪ Pressure from new entrants

– FinTech are effectively securing open access – NGOs, multilaterals about to enter fray

Contents

▪Context

▪EU

–ANA Credit –GDPR –PSD2

▪US

▪APEC

▪Conclusion

ANA Credit

▪ ECB’s shared multi-purpose database

▪ Integrated/streamlined bank reporting

▪ 1 set of data rules for EU

▪ Implementation fraught with problems

Payment Services Directive 2 (PSD2)

▪ Single market for payments

– Took effect 1/13/2016, applicable 1/13/2018.

▪ 3 Key Change from PSD1

– Extend the Directive’s scope – Strengthen security and customer

– Introduce TPPs (3rd party providers), license

▪ It’s about competition

– Designed to crush bank monopoly on data – Driven by FinTech and fueled by general

Contents

▪Context ▪EU

▪US

–ODI

▪APEC

▪Conclusion

US Open Data Initiative (ODI)

▪ Driven by tech change

– Screen scrapers and other FinTech accessing

– Banks complain of “wild, wild, West”

▪ CFPB Issues Principles (Oct 2017)

– Consumer-authorized data sharing market – Based on OECD Fair Information Principles

▪ It’s about competition

– Recognizes data subject as owners of data – Banks remain gate-keepers for API access ▫Chase/Intuit ▫Wells/Finicity and Xero

Contents

▪Context ▪EU

▪US

▪APEC

–CBPRs

▪Conclusion

Cross-border Privacy Rules (CBPRs)

▪ Designed to remove barriers and enable

▪ APEC Electronic Commerce Steering Group

Contents

▪Context ▪EU

▪US

▪APEC

▪Conclusion

–Take-away for APEC

Thriving In Dynamic Data Ecosystem

▪ Data as an opportunity

– Just scratching surface, barriers only now

– Data in and data out

▪ Change is happening

– It is fast and furious – Emanates from unrelated quarters – Increased government efforts to open access

▪ It’s evolution

– Adapt or die – Data tools there to help survive and prosper

POLICY & ECONOMIC RESEARCH COUNCIL

6409 Fayetteville Road, Suite 120-240 Durham, NC 27713 USA www.perc.net Phone: +1.919.338.2798