DO worry, be happy! 'PSD2 and now Google knows when your salary is paid’
In this blog series 'DO worry, be happy!', we talk to experts in the field of technology, innovation and ethics about new developments. Through the lens of current events, we ask them to explain why they are worried about how technology will shape the future. But don’t be afraid, we are also looking for ways to take over the direction that technology is taking us. So DO worry, but be happy!
Although it might not sound as scary as the new Dutch surveillance law, the new European guideline, PSD2, is certainly worth worrying about. Beginning in January of 2018, this guideline will grant banks the ability to share their data with third parties. Brussels says it wants to open up the payment service industry to parties outside banks, hoping for the emergence of “innovative payment services”. Once they have access to this data, companies like Facebook and Google can offer services based on your bank balance and payment behaviour.
In part three of this blog series, we asked Ahmed Aarad to explain why we should worry about this new guideline. Aarad is an expert on privacy and on ICT in government who tries to promote the transition to sustainable software within the government.
What is the problem here?
“This directive is intended to harmonise bank traffic and to improve competition in the 'payment industry'. That's the official statement. There is, for instance, a maximum rate for transactions made using a debit or credit card. This is totally unnecessary seeing as ING (just one of the 60 credit card providers) charges 0.0% for transactions like this.
The lobbying group for companies in this sector is known as EPSM (European Association of Payment Service Providers for Merchants) and has 68 members based in Europe. However, the major international parties such as PayPal, Google and Apple are not counted. You could easily argue that this 'market' appears healthy in terms of competition. So what exactly is the competition problem that the Commission and the European Parliament hopes to solve with this directive? When you ask this question, the directive seems much more advantageous for the banks than for the consumer.”
Why should we worry about this?
“Simple: data, data, and data again. After the “sleepwet” (the new Dutch sirveillance law) has trawled through all your digital communications, your payment details will be made available to any interested third party. When you get a raise or a holiday bonus, your bank can now share that information with anyone from law enforcement to an online travel agency who will then know exactly how much you have to spend. This idea isn't new; ING thought of it a long time ago. And we, the citizens, thought this was a bad plan, and our politicians followed suit. Now that decision has been sidestepped with this new guideline, PSD2. The decision was made via the EU where all parties (from SP to VVD) voted in favour of it. Politicians suggest that things aren't so bad. And this includes the politicians you wouldn't expect, like Judith Sargentini from GroenLinks. Meanwhile, organisations like the AFM, the Ministry of Finance, TROS Radar, and even the banks are expressing their concerns about what the directive has now become.”
Do you see a trend in this area?
“I see a trend of corporatism: a model in which legislative power is assigned to economic, industrial, agricultural and professional organisations. In corporatism, several unelected bodies assume an influential role in the decision-making process. We already know that the largest companies in the world can count on special treatment where taxes are concerned. That our elected officials support them in economic activities. That they act on their behalf abroad. And that they almost always avoid prosecution even in extreme cases like human rights violations.
In the past, we dealt with mega-conglomerates like DuPont and General Electric. In 2017, social media platforms like Facebook and search engines like Google belong to companies of comparable monetary value. The difference is that companies like these have the power to determine which politician gets elected, not to mention the power they can exert on legislation that isn't in keeping with their own interests. From a historical perspective, the contemporary power of companies is unheard of. We've never seen companies with the ability to wield their legislative influence in almost every country in the world.”
How can we exert our own concrete influence?
“We can't really. This directive isn't referendable and does not require permission from national parliaments. And because all parties voted in its favour, it's highly unlikely that parties in the Lower House will oppose it. In theory, you could refuse these third parties access to your data. On paper, anyway. Those third parties can always include in their terms and conditions that if you don't share your data, you can't use their service. Or that you'll have to pay extra to use it. Or is that access will be limited. In short, there are many ways to force you into it.
What we can do is set up a payment provider that will always refuse requests on behalf of the customer. But this isn't a perfect solution because, under PSD2, just about anything can be seen as a payment provider. So if this succeeds, then it will remain to be seen how effective it is.”