Balancing Data Access and Privacy: Why Consent is Key for API Security

Cloudentity’s Nathanael Coffing and Jasen MeeceAxway’s Eyal Sivan and Okta’s Prashanth Ram discuss how banks can build a secure data-sharing ecosystem.

The panel starts by discussing how the pandemic has accelerated digitisation – and with that, the opening up of APIs. Organisations want to be able to make use of their customers’ data while still protecting it. But there’s a shortage of expertise in how to code securely.

High profile data leaks have made consumers more aware of privacy. Consumers increasingly want finely-grained control of how they share their data. Meanwhile, new business models rely on data being shared with multiple third party providers – not just in open banking, but as other open data ecosystems develop.

Consumers are becoming more and more comfortable sharing their data, in regions around the world, whether or not there is a regulatory mandate. They want to be able to take advantage of embedded finance.

As far as striking the right balance is concerned, standards have an important role to play. Banks should also recognise that consumers don’t have to give up privacy to get the value of data sharing – they can do both. Financial data sharing has been around for many years. The big change with open banking is moving away from insecure screenscraping and password sharing to APIs.

The discussion moves on to discuss the concept of zero trust and consumer data platforms, the role of BigTech in setting levels of data transparency, and the need for consumer education. Controlling the way data flows, while being able to share it securely, is key to the development of the new digital economy.

A very interesting discussion that touches on key technical concerns, while also tackling broader issues around data consent and privacy.