
What is Financial Data Access (FiDA), and how to get ready?

Published 7/16/2024 by Thierry Maout. 5 min read.

Summary

Set to go live in 2027, the Financial Data Access (FiDA) regulation proposed by the European Commission represents the next step for open finance in the European Union, with implications across the banking and insurance sectors and beyond.

 

Earlier this year, at the 2024 Adobe FSI Summit in Paris, our CEO Romain Gauthier hosted a presentation about FiDA, what it means for actors in the finance industry, and where data privacy (and Didomi) fit into all this.

 

In this article, we review his presentation's main points, present the upcoming regulation and its implications, and answer your questions.

 

What is Financial Data Access (FiDA)? Timeline, scope, and requirements

The Financial Data Access (FiDA) regulation is a framework proposal designed to enhance and secure the sharing of, and access to, financial data across the European Economic Area (EEA). It is part of the European strategy for data.

Aimed at establishing a European financial data space, FiDA has two key objectives: to give EU consumers more control over their data, and to require data holders to share customer data upon request. Essentially, FiDA will provide:

 

  • More transparency, thanks to clear and transparent communication on how customer data is used and shared among financial institutions. 
  • Granular customer consent, empowering customers with the ability to grant, manage, and withdraw consent for data sharing.
  • Enhanced security, by implementing stringent security measures for the protection and handling of financial data.
  • Standardization of user data and technical interfaces to defragment financial services’ data practices.

 

FiDA would apply to Financial Information Service Providers (FISPs), defined as data holders authorized by their customers to access their data to provide financial information services.

Data impacted would include mortgage information, creditworthiness assessment, investments in financial instruments, insurance-based investment products, crypto assets, real estate, non-life insurance products, and more. For a comprehensive list, read the full FiDA proposal.

 

To reach these objectives, FiDA introduces new concepts, such as data use perimeters, which limit the scope of financial services, and permission dashboards, which provide granular control to consumers over their data:

 

[Figure: Didomi - What is FiDA explanation]

 

(Source: Proposal for a regulation on a framework for financial data access (FIDA) - European Commission, 2023. Representation authorized under CC BY 4.0 license)

 

Permission dashboards, specifically, aim to uphold the purpose limitation principle, which states that FISPs should only process personal data for necessary and specified purposes. They allow consumers to manage, withdraw, and re-establish permissions for their data use via an interface, providing an overview of each ongoing permission granted, the purpose of access, categories of data shared, and the validity period. 

 

If this sounds familiar to you, you’re not alone: Our Consent Management Platform (CMP) has been our flagship product since the advent of the General Data Protection Regulation (GDPR), and we are excited to provide our services and solutions to Financial Information Service Providers towards a more open and transparent financial sector.

 


 

Submitted by the European Commission in June 2023, the fully-fledged regulation is set to go live in early 2027, provided that it successfully gets past discussions between the European Commission and the European Parliament:

 

[Figure: Didomi - FiDA timeline]

 

What will the impact of FiDA be, and how to get ready (checklist)?

 

For organizations in the banking and insurance industries, the impact of FiDA will be three-fold:

 

  • Regulatory Compliance: FiDA will require banks and insurance companies to comply with unified data access and sharing standards. 
  • Operational Adaptations: Compliance with FiDA will call for changes in IT infrastructure to support real-time data access and consent management. 
  • Customer Relationship: The regulation will present an opportunity to strengthen trust and transparency with customers, enhancing customer satisfaction and loyalty.

 

There are 7 steps financial services institutions should take (starting now) to be ready for 2027, when the regulations fully take effect:

 

1. Systems integration (mid 2024)

The first step is integrating privacy and consent management tools with core financial systems. Concrete actions include designing and deploying technical integrations that ensure real-time synchronization of customer consents and data access permissions across all platforms. 

 

2. Comprehensive testing and validation (end of 2024)

Before going further, organizations should test their consent management and data handling functionalities to ensure that all newly integrated systems and processes work correctly and comply with FiDA requirements.

 

3. Staff training and development (early 2025)

Next, employees must be trained on the new systems and compliance requirements under FiDA. Training programs should focus on practical implications for daily operations and legal compliance.

 

4. Customer communication strategy (mid 2025)

By mid-2025, organizations must inform their customers about how their data will be handled under FiDA and how they can manage their consent preferences. We suggest launching an awareness campaign using all consented communication channels to ensure your audience understands their rights and the measures you’re taking to protect their privacy.

 

5. Compliance audit and adjustments (late 2025)

Before final implementation, all systems, processes, and practices must be checked for compliance with FiDA.

 

6. Operational readiness and final optimization (2026)

During the last stretch before the deadline, organizations are strongly advised to conduct extensive testing and fix any issues before the new regulatory framework starts in 2027.

 

7. Go-live and continuous monitoring (early 2027)

FiDA is expected to take effect sometime in early 2027. Upon successful transition to the new regulatory environment, organizations must establish ongoing monitoring and reporting mechanisms to ensure continuous compliance and address emerging challenges.

 

[Figure: Didomi - FiDA checklist]

 

What does FiDA mean for the data privacy industry?

 

While FiDA represents a major shift in the pursuit of open finance in the EU, it also represents an interesting shift in the approach towards data privacy, something our CEO noted during his presentation:

 

“Beyond the deep implications for the finance industry and the European Union at large, FiDA embodies a much larger phenomenon that we could call the verticalization of privacy:

Regulators are adapting privacy principles to various industries, increasingly dictating the pace and depth of the privacy transformation they must undergo.

As one of the early companies to help organizations tackle the challenges presented by privacy regulations worldwide, we welcome this evolution as a validating opportunity to provide our expertise and continue pursuing our mission: helping organizations create compliant user experiences that respect people's choices and strengthen the bonds between brands and their customers.”

- Romain Gauthier, CEO and co-founder at Didomi

 

This sentiment is echoed by our Chief Privacy Officer, Thomas Adhumeau, who predicted in these pages earlier this year that consent will increasingly start to become a priority outside of the data privacy world, as evidenced by FiDA as well as other regulations such as the Digital Markets Act (DMA) and the Digital Services Act (DSA) in the EU:

 

"Consent, once the exclusive domain of privacy laws, has now become the linchpin in a broader regulatory context, including consumer protection and competition law. With the DMA and DSA, we're seeing a shift towards greater user empowerment—where consent is integral not only for data privacy but also for transparency in advertising and fair data practices among gatekeepers."

- Thomas Adhumeau, Chief Privacy Officer at Didomi

 

FiDA, alongside other regulatory efforts in the European Union, will require organizations to collaborate with partners with deep expertise and flexible solutions. To discuss your data privacy compliance and how Didomi can help you get ready for FiDA, book a time with one of our experts.