By AI Trends Staff
Several large US banks recently tightened their third-party data sharing practices, a win for consumer privacy in an era when AI systems are helping with privacy regulation compliance.
The trend is expected to grow in 2020, according to an account in BankingDive. A recent security upgrade at PNC Financial Services Group in Pittsburgh kept data aggregators from gaining access to customer account numbers and routing numbers last fall. More recently, JP Morgan Chase announced it will ban third-party apps from accessing customer passwords. The bank plans to issue tokens for access to a limited amount of data in a secure form.
“Due to the evolving nature of privacy legislation and increasing fines for data mismanagement, the banking industry is beginning to take data privacy much more seriously,” stated Ray Walsh digital privacy expert at ProfPrivacy.com. “This will improve privacy and security levels for consumers, which is highly positive.”
Then comes a warning: “However, it may also be exploited by banks to restrict the number of services consumers can freely attach their account to, perhaps forcing consumers to use similar native services provided by their bank instead.”
The PNC security upgrade prevented customers from connecting to the Venmo payment platform, owned by PayPal. Instead, customers were directed to Zelle, a payment system owned by a consortium of large banks, including PNC.
Karen Larrimer, PNC’s head of retail banking and chief customer officer, was quoted as saying, “We want customers to be able to use whatever fintech app they want to use. We want to enable that. What we are really looking to do at PNC is protect the security of our customer accounts and nothing more.”
The European Union has taken a different approach, in viewing customer data as belonging to the customer and not proprietary to the bank. The EU Payments Services Directive mandates that financial institutions allow third-party operators to access customer data — with the customer’s permission. Experts expect the US will eventually follow the EU in the shift in thinking about customer privacy.
The European Union was expected to go further, by proposing the creation of a single market in data, aimed at challenging the dominance of Facebook, Google and Amazon, according to a report in Reuters. Journalists there were able to review the 25-page proposal.
“Currently a small number of big tech firms hold a large part of the world’s data. This is a major weakness for data-driven businesses to emerge, grow and innovate today, including in Europe, but huge opportunities lie ahead,” stated a paper laying out the proposal.
The paper had been expected to be presented at a European Union meeting scheduled in February. New rules would be required, covering cross-border data use, data interoperability and standards related to manufacturing, climate change, the auto industry, healthcare, financial services, agriculture and energy. Other rules in the coming months will open up more public data on geospatial, the environment, meteorology, statistics and companies’ data across the bloc for companies to use for free. The document also proposed scrapping rules that hinder data sharing.
AI Seen Playing Increasing Role in Ensuring Privacy
Meanwhile, privacy officers are under pressure to get the company’s data act together, and they are turning to AI to help. The 2019 Gartner Security and Risk Survey conducted in the spring of 2019 showed that over 40% of privacy compliance technology will rely on AI by 2023, up from 5% in 2019, according to a recent account in CMSWiRe.
Three principles can guide developers of AI systems to help protect individual privacy, suggested Ben Hartwig, chief security officer at InfoTracer:
- Enable the AI system to be easily perceived by the consumer;
- Allow the consumer to opt out of the system;
- Delete data at the consumer’s request.
“Our loss of privacy is another example of how digital technologies such as AI can work to our detriment,” he stated.
Geoff Webb, VP of strategy at PROS, sees several areas where we will see AI taking a central role in privacy and data governance, now and in the future, including:
Privacy Concierge: AI bots provide a “privacy concierge” function in which they recognize, route and service privacy data requests;
Data Classification: For businesses that need to observe privacy regulations, AI can play the role of a central manager, sweeping through data stores throughout the business, analyzing how the data needs to be classified. “The AI ‘data bridge’ is a natural fit for privacy and compliance tasks,” Webb suggested.
Preserving data privacy is likely to be costly. Data needs to be prepared for the effort. These five steps can help assure data quality, according to Darya Shmat, business development manager at the Itransition Group.
- Cleaning data at the point of capture.
- Properly labeling data when used for supervised machine learning.
- Implementing a numbering system for cross-referencing between databases.
- Maintaining a cleaned “golden copy” of data aggregated from external sources.
- Updating data to prevent its decay over time.
“I see more use cases for AI in compliance emerging right now,” Shmat said. “Natural language processing seems by far most helpful in terms of taking some administrative burden off compliance managers, but intelligent face recognition technologies have made a leap forward too in identity management.”