The Senate of Canada is calling for the implementation of “Open Banking”, a “system that provides a user with a network of financial institutions’ data through the use of application programming interfaces (APIs).” The Senate released a report on June 19, entitled “Open Banking: What it Means for You”.

Theoretically, Open Banking keeps bank account login credentials confidential. Such can provide users with the ability to direct their bank to share only selected data with other businesses, as well as giving them more possibilities to make payments through their bank accounts.

The report found that roughly 30 percent of Canadians feel that they don’t have control over how their personal information is being utilized (either by the government or the private sector).

The Senate offered four main recommendations:

1. Developing a principles-based framework for open banking

The report suggests the development of a principles-based framework for open banking, to be conceived by industry stakeholders and integrated with existing financial and privacy legislation. Such framework could cover:

+ the scope of data that would be accessible by financial services providers;

+ how the payments sector will be included within the framework;

+ timelines for implementation;

+ the financial services providers that would be participants.

2. FCAC to oversee screen scraping

Screen scraping is a common method by which third-party applications access a customer’s (banking) data. Essentially, a user provides an application their username and password and then the application “prints” their information from a screen capture in order to obtain information. The third party then has access to the customer’s account information and transaction history. According to the Department of Finance, about 4 million Canadians use apps which use screen scraping as a method of accessing personal financial data.

The report recommends quick action to minimize the risks associated with such method, including designating an oversight body. The Financial Consumer Agency of Canada (FCAC) would be given this role “immediately” with a semi-annual review by the federal government until a final regulator has been chosen.

3. Financial services industry legislation amendments

Moreover, the report recommends that the federal government introduce legislative changes to financial sector legislation to forbid the use of consumer banking data for insurance underwriting purposes; ensure the continued stability of the Canadian financial sector system (including as a result of the impact of any of the “Big Tech” companies entering the financial services sector); and implement bank-specific consumer protection measures (such as demanding transparency of algorithms, giving consumers the ability to track the sharing of their data and providing consumers with deletion rights in respect of their data when consent to share such data is withdrawn).

4. Modernizing PIPEDA

The report suggests a swift modernization of the Personal Information Protection and Electronic Documents Act (PIPEDA — a Canadian law relating to data privacy) to align it with the General Data Protection Regulation 2016/679 (GDPR) as a global privacy standard.

Such would entail:

Enabling individuals to direct that their personal information be moved from one organization to the other in a standardized format (data portability right).

Requiring explicit, plain-language consent.

Enhancing the Privacy Commissioner’s enforcement and oversight powers (including order-making powers: cessation and records preservation orders).

“Open Banking: What it Means for You” is truly fascinating for any Canadian Open Banking observer (such as yours truly). It’s really interesting to see as to how the federal government could (finally?) implement Open Banking legislation.