Does open banking mean the end of screen scraping?

Open Banking will compel banks to share customer information with accredited third parties over secure platforms using APIs, if customers agree.

There is nothing in the Consumer Data Right Rules or the Open Banking Regulation which prohibits screen scraping, but the compatibility of the two has become an issue for the Senate Select Committee on Financial Technology and Regulatory Technology.

The issue is whether data about a consumer can be used to disadvantage the consumer and whether open banking provides better safeguards against the risks of screen scraping.

What is screen scraping?

Screen scraping services combine and present information about a customer’s accounts with the consent of the customer. Account aggregation by means of screen scraping involves a centralised website collecting and displaying all of a person’s online accounts on a single page. It does this by supplying software that enters the sites of financial institutions and other businesses and collects the data.

Screen scraping is used by financial advisers for budgeting and investment advice, as well as by lenders for responsible lending checks.

FinTech Australia says open banking should not prohibit or endorse screen scraping and customers should choose.

The Financial Rights Legal Centre and Consumer Action Law Centre say the enhanced privacy protections in the CDR Rules are crucial to protect customers, and fintechs should not be able to use screen scraping techniques to access banking data outside the CDR regime.

They say that screen scraping is used in the lending sector to undertake responsible lending checks and is prevalent throughout the small amount credit contract market. But it has flaws and risks if it requires a consumer to hand over their password and username details in order to access and analyse their data. Their information could then be used for other purposes.

Separately, the ACCC has issued a consultation paper seeking views on how the CDR rules should permit the use of third-party service providers that collect or facilitate the collection of CDR data from data holders on behalf of accredited persons, and on the appropriate consumer and privacy protections that should apply to such disclosures.


David Jacobson

Author: David Jacobson
Principal, Bright Corporate Law
The information contained in this article is not legal advice. It is not to be relied upon as a full statement of the law. You should seek professional advice for your specific needs and circumstances before acting or relying on any of the content.

 
