Midata – the story so far
As part of its Consumer Empowerment push, the UK Government wants to give consumers – you and me – more control and access to our personal information. This is the stated purpose behind midata, an initiative (launched in 2011) which encourages suppliers to make available to consumers the information that the suppliers hold on a consumer’s transactions. The hope is that this will then give individual consumers insight into their own behaviour so that they can make more informed choices. Some big players have already signed up including Lloyds Bank, RBS, Visa and Mastercard, but the current arrangement is voluntary and relies on the goodwill of organisations to continue to participate. With its emphasis on putting the individual in control of their consumer data it chimes in well with the draft EU Data Protection Regulation’s focus on strengthening the rights of individuals.
Concerns of business
However, it is understandable why some commercial enterprises that have invested heavily in their consumer data analytics may not want to make such information available. Where you operate in a keenly competitive industry that uses loyalty cards or similar, there is little incentive to make this information available particularly if your competitors do not collect the same amount of information as you do. Unsurprisingly, some respondents to the consultation expressed concerns about midata’s likely costs to business (particularly for large businesses dealing with thousands of consumer records) and their view that insufficient time had been given to allow the voluntary approach to develop.
The Government’s position
The Government has been making more noises about the midata initiative in the past few days and today published its response to its earlier consultation seeking views on whether it should regulate to require organisations to fall into line with midata. The main message in the Government’s response is ‘we’re not going to wield the big stick (of legislation) yet – so long as you cooperate’.
The key points from the Government’s response are:
* The midata initiative will continue as a voluntary project in the short term and the Government will seek to accelerate progress by broadening the sectors that are engaged.
* The Government will use primary legislation to give itself a power to impose a duty (by way of secondary legislation) on businesses in the future should it consider it necessary to do so. This duty is likely to fall on suppliers of goods/ services to compel them to supply, at a consumer’s request, personal transaction data relating to the consumer’s purchase/ consumption of products and services from that supplier in an electronic, commonly used machine readable format.
* If the Government considers that progress in expanding midata on a voluntary basis is not sufficiently quick, it expects to bring forward regulations on the basis of the legislative power (although this will happen no earlier than autumn 2013).
* Certain core sectors – energy supply, mobile phones, current accounts and credit cards – are particularly in the Government’s sights and the Government will move more quickly to regulate such sectors.
* For other sectors the Government will consider certain key factors and engage in further consultation investigating issues such as the likely impact and costs for a sector or product group before imposing any duty.
* The data that will be available through midata will be ‘transaction data’. This is data about a consumer’s purchase/ consumption of products and services from the supplier. Specifically transaction data does not include any subsequent analysis that the supplier has undertaken on the information. Any Government regulations will only apply to businesses that hold the information electronically in a way that links the data to an individual consumer e.g. purchase history, interest charges and penalty charges on a credit/ debit card.
* Although midata data should be disclosed in a commonly used machine readable format the Government will not specify a particular format.
* Third parties can have a role in accessing and analysing data on behalf of consumers provided a third party is properly authorised. However, this brings with it concerns about data security and privacy as well as increased compliance costs for business. The Government has set up a working group to help ensure that where a consumer wishes to provide its midata data to a third party, (i) the consumer retains control over the data and how it is used, (ii) their privacy remains fully protected, and (iii) the consumer does not become subject to data misuse and exploitation. The place of trusted, reputable third party services to assist vulnerable consumers to access midata and act as advocates was recognised.
* Government may introduce charges for access to midata and a timeframe for responding as part of any regulations under secondary legislation.
* The ICO is the lead enforcer of the midata regime although the Government is considering granting concurrent enforcement powers to sector regulators e.g. the FSA.
* The Government argues that midata will increase competition since it will give consumers the ability to compare available options from suppliers.
Will it work?
While the Government’s aim to help consumers enjoy better access to their data may be laudable it is not clear how effectively midata will work in practice. At this stage it is evident that it depends on Government encouraging other big players – such as other banks or MNOs – to sign up. But in a time of economic fragility, what incentives are there for organisations to develop systems to facilitate midata access? In all likelihood, the Government’s big stick will come out at some point. First in line for regulation are likely to be the core sectors identified in the Government’s response – energy, mobile and banking.