Money as Data – Centre Responsible Digitality

Duration: October 2023 until September 2024

The project Money as Data examined the use of sensitive payment data by various financial institutions such as banks, payment service providers and other players in the field of digital payments. Although this is a central area of digitalisation, the project was pioneering in this field with this analysis.

For the analysis, the framework conditions of the actors involved were first considered, who operate in a field of tension between commercial expectations of data monetisation and privacy protection requirements. Specifically, this concerned the applicability of European regulations, such as the GDPR and PSD2. While the former regulates the protection of personal data as a European regulation, one of the aims of the EU Payment Services Directive 2 is to explicitly enable the commercial use of financial transaction data by allowing third-party service providers to access bank customers’ account data and payment services, provided that the customers have given their consent.

With the help of interviews and field research at various industry events, the project has also gained insights into the data usage practices of various financial players. While these insights are not generalisable, they do show that the handling of payment data varies greatly. While technology-driven players, such as FinTechs and PayPal, show a great interest in the commercial use of financial transaction data, this is not generally the case for banks. While for some actors, the evaluation of their customers’ transaction data continues to seem promising, for others the costs involved appear to be too high. The project thus provides initial pointers for a differentiated analysis of the commercial use of transaction data and shows the potential of differentiated qualitative analyses.