Data-driven innovations in payments : redesigning data frameworks and 'participatory governance'

Abstract

Technology has always been pivotal to payment systems’ evolution. In recent times, the most radical digital transformations have been driven by new cutting-edge digital technologies which allow the embedding of payment services in otherwise non-financial digital services infrastructure. While data-driven innovations have spread throughout global payments systems, the most instructive applications are, unarguably, noticeable among new non-bank entrants in retail payments, in particular multilateral digital payment platforms such as Alibaba, Tencent, Apple and Google. These vibrant data-driven actors are able to leverage their established digital services architecture in providing complementary alternative payment solutions (e.g., digital payment apps and mobile wallets), through mobile phones to a larger demographic of unbanked and underserved populations worldwide. The most dramatic impacts of these practical and convenient value propositions in data network externalities have been witnessed within payment inclusion in terms of broader consumer payment access, lower transaction fees, and increased payment processing speed.

However, the increased reliance on data-driven business models in payments can also generate considerable concerns on consumer digital data protection, data security and payment data privacy. With the emerging role of consumer data as quasi assets among digital payment institutions, the incentive to exploit consumer data for various business objectives, sometimes unscrupulously, has become heightened. In addition, digital infrastructures common in the emerging convergence in modern retail payment systems are also disproportionately prone to Techrisks such as cyberwarfare and data breaches. These manifestations can have significant legal implications on consumer protections in payments, including exposures to their personal and sensitive data protection, informational privacy, and potentially, algorithmic discriminations possible in the application of inferential analytics used in payments personalisation. Therefore, there is a pressing need to examine the status and adequacy of existing global payment regulatory and data governance frameworks, identify limitations and develop a further and more radical legal and regulatory framework, capable of aligning the business objectives of new payment institutions with payment data regulatory policy goals on consumer benefits and market conduct.

This research explores the opportunities and challenges to consumer benefits in data-driven innovations within the payments’ ecosystems from the perspective of new technology-oriented payment institutions, referred to as data-driven innovators. The study reveals that while huge benefits are inherent in new data-driven innovations applied in payments, there is a present need to identify and manage the amplified existing risks, and potentially new concerns revolving around consumer data protections and privacy. To these concerns, the study proposes the global adoption of the European Union’s twin peak approach comprising the General Data Protection Regulation and updated Payment Services Directives as the baseline for modern payment regulatory frameworks. Furthermore, a multifaceted data regulatory framework is also proposed to account for potentially new concerns (on inferential payment data) outside the existing scope of the primary EU regulations. The reform proposals include: (1) the introduction of fundamental amendments to existing data frameworks relating to (structural) protection of personal and sensitive data in the context of payment services; and (2) the promotion of increased consumer participation in the regulatory compliance and supervision of payment institutions through a variety of agile “participatory governance” oversight techniques. These techniques should include: 1) the creation of new special data supervisory intermediaries as consent managers for better consumer data protections among payment institutions, and 2) leverage of central bank digital currencies and open banking initiatives in fostering embedded supervision and open data competition within the payment ecosystems.

In making these contributions, the research seeks to provide a comprehensive legal analysis of the emerging blurred data taxonomy and data-driven business models in modern payment systems, where data analytics functions as a double-edged sword. The research findings are significant as it critically examines data protection and payment privacy from the angle of consumer digital interactions with payment institutions in their capacity as data custodians and controllers. This is in clear variance to existing legal analyses which have largely explored consumer data protection and payment privacy majorly from payment mechanisms’ perspectives.