Connect with us

Fintech

Just because its legal, it doesnt mean its right

Avatar

Published

on

Companies often tout their compliance with industry standards — I’m sure you’ve seen the logos, stamps and “Privacy Shield Compliant” declarations. As we, and the FTC, were reminded a few months ago, that label does not mean that the criteria was met initially, much less years later when finally subjected to government review.

Alastair Mactaggart — an activist who helped promote the California Consumer Privacy Act (CCPA) — has threatened a ballot initiative allowing companies to voluntarily certify compliance with CCPA 2.0 to the still-unformed agency. While that kind of advertising seems like a no-brainer for companies looking to stay competitive in a market that values privacy and security, is it actually? Business considerations aside, is there a moral obligation to comply with all existing privacy laws, and is a company unethical for relying on exemptions from such laws?

I reject the notion that compliance with the law and morality are the same thing — or that one denotes the other. In reality, it’s a nuanced decision based on cost, client base, risk tolerance and other factors. Moreover, giving voluntary compliance the appearance of additional trust or altruism is actually harmful to consumers because our current system does not permit effective or timely oversight and the type of remedies available after the fact do not address the actual harms suffered.

It’s not unethical to rely on an exemption

Compliance is not tied to morality.

At its heart is a cost analysis, and a nuanced analysis at that. Privacy laws — as much as legislators want to believe otherwise — are not black and white in their implementation. Not all unregulated data collection is nefarious and not all companies that comply (voluntarily or otherwise) are purely altruistic. While penalties have a financial cost, data collection is a revenue source for many because of the knowledge and insights gained from large stores of varied data — and other companies’ need to access that data.

They balance the cost of building compliant systems and processes and amending existing agreements with often thousands of service providers with the loss of business of not being able to provide those services to consumers covered by those laws.

There is also the matter of applicable laws. Complying with a law may interfere or lessen the protections offered by the laws you follow that make you exempt in the first place, for instance, where one law prohibits you from sharing certain information for security purposes and another would require you to disclose it and make both the data and the person less secure.

Strict compliance also allows companies to rest on their laurels while taking advantage of a privacy-first reputation. The law is the minimum standard, while ethics are meant to prescribe the maximum. Complying, even with an inapplicable law, is quite literally the least the company can do. It also then puts them in a position to not make additional choices or innovate because they have already done more than what is expected. This is particularly true with technology-based laws, where legislation often lags behind the industry and its capabilities.

Moreover, who decides what is ethical varies by time, culture and power dynamics. Complying with the strict letter of a law meant to cover everyone does not take into account that companies in different industries use data differently. Companies are trying to fit into a framework without even answering the question of which framework they should voluntarily comply with. I can hear you now: “That’s easy! The one with the highest/strongest/strictest standard for collection.”  These are all adjectives that get thrown around when talking about a federal privacy law. However, “highest,” “most,” and “strongest,” are all subjective and do not live in a vacuum, especially if states start coming out with their own patchwork of privacy laws.

I’m sure there are people that say that Massachusetts — which prohibits a company from providing any details to an impacted consumer — offers the “most” consumer protection, while there is a camp that believes providing as much detailed information as possible — like California and its sample template — provides the “most” protection. Who is right? This does not even take into account that data collection can happen across multiple states. In those instances, which law would cover that individual?

Government agencies can’t currently provide sufficient oversight

Slapping a certification onto your website that you know you don’t meet has been treated as an unfair and deceptive practice by the FTC. However, the FTC generally does not have fining authority on a first-time violation. And while it can force companies to compensate consumers, damages can be very difficult to calculate.
Unfortunately, damages for privacy violations are even harder to prove in court; funds that are obtained go disproportionately to counsel, with each individual receiving a de minimis payout, if they even make it to court. The Supreme Court has indicated through their holdings in Clapper v. Amnesty Intern., USA. 133 S. Ct. 1138 (2013), and Spokeo, Inc. v. Robins, 136 S. Ct. 1540 (2016), that damages like the potential of fraud or ramifications form data loss or misuse are too speculative to have standing to maintain a lawsuit.

This puts the FTC in a weaker negotiating position to get results with as few resources expended as possible, particularly as the FTC can only do so much — it has limited jurisdiction and no control over banks or nonprofits. To echo Commissioner Noah Phillips, this won’t change without a federal privacy law that sets clear limits on data use and damages and gives the FTC greater power to enforce these limits in litigation.

Finally, in addition to these legal constraints, the FTC is understaffed in privacy, with approximately 40 full-time staff members dedicated to protecting the privacy of more than 320 million Americans. To adequately police privacy, the FTC needs more lawyers, more investigators, more technologists and state-of-the-art tech tools. Otherwise, it will continue to fund certain investigations at the cost of understaffing others.

Outsourcing oversight to a private company may not fare any better — for the simple fact that such certification will come at a high price (especially in the beginning), leaving medium and small-sized businesses at a competitive disadvantage. Further, unlike a company’s privacy professionals and legal team, a certification firm is more likely to look to compliance with the letter of the law — putting form over substance — instead of addressing the nuances of any particular business’ data use models.

Existing remedies don’t address consumer harms

Say an agency does come down with an enforcement action, the types of penalty powers that those agencies have currently do not adequately address the consumer harm. That is largely because compliance with a privacy legislation is not an on-off switch and the current regime is focused more on financial restitution.
Even where there are prescribed actions to come into compliance with the law, that compliance takes years and does not address the ramifications of historic non-compliant data use.

Take CNIL’s formal notice against Vectuary for failing to collect informed, affirmative consent. Vectuary collected geolocation data from mobile app users to provide marketing services to retailers using a consent management platform that it developed implementing the IAB (a self-regulating association) Transparency and Consent Framework. This notice warrants particular attention because Vectuary was following an established trade association guideline, and yet its consent was deemed invalid.

As a result, CNIL put Vectuary on notice to cease processing data this way and to delete data collected during that period. And while this can be counted as a victory because the decision forced the company to rebuild their systems  — how many companies would have the budget to do this, if they didn’t have the resources to comply in the first place? Further, this will take time, so what happens to their business model in the meantime? Can they continue to be non-compliant, in theory until the agency-set deadline for compliance is met? Even if the underlying data is deleted — none of the parties they shared the data with or the inferences they built on it were impacted.

The water is even murkier when you’re examining remedies for false Privacy Shield self-certification. A Privacy Shield logo on a company’s site essentially says that the company believes that its cross-border data transfers are adequately secured and the transfers are limited to parties the company believes has responsible data practices. So if a company is found to have falsely made those underlying representations (or failed to comply with another requirement), they would have to stop conducting those transfers and if that is part of how their services are provided, do they just have to stop providing those services to their customers immediately?

It seems in practice that choosing not to comply with an otherwise inapplicable law is not a matter of not caring about your customers or about moral failings, it is quite literally just “not how anything works,” nor is there any added consumer benefit in trying to — and isn’t that what counts in the end — consumers?

Opinions expressed in this article are those of the author and not of her firm, investors, clients or others.

Read more: https://techcrunch.com/2019/12/20/just-because-its-legal-it-doesnt-mean-its-right/

Crowdfunding

Canadian Digital Banking Platform Relay Secures $19.4 Million

Avatar

Published

on

Relay, a Canada-based digital banking platform for small businesses, announced on Thursday it raised US$19.4 million in funding, which includes US$15 million through its Series A funding round that was led by Bain Capital Ventures and seed round of $4.4 million led by Better Tomorrow Ventures, Garage Capital, Tribe Capital, Panache, and Amaranthine.

Founded in 2018, Relay is looking to fully automate the finance function for small businesses through banking that deeply integrates into the back-office systems business owners rely on. The company’s product increases financial visibility and security while significantly reducing time spent on administration. Relay also noted that it is “building banking that is tailor-made” for employer SMBs, offering more customized functionality and support than a traditional bank. Relay Co-Founder and CEO, Yoseph West, further explained:

“Eighty-two percent of businesses fail due to cash flow issues, and traditional banking doesn’t help — business banking is often confusing, expensive, and siloed from other systems. We’re building a challenger bank that helps businesses succeed by offering powerful tools to increase cash flow visibility and streamline time-consuming financial processes — in addition to being affordable and easy to use.”

Relay is on track to have processed $1 billion worth of transactions by the end of 2021. The company went on to add that the funds will be used to accelerate its mission to increase the success rate of small businesses by automating financial management for business owners.

Relay will use this funding to increase customer acquisition, grow the engineering and product teams, and further integrate its platform into the small business back office.”

Coinsmart. Beste Bitcoin-Börse in Europa
Source: https://www.crowdfundinsider.com/2021/05/175335-canadian-digital-banking-platform-relay-secures-19-4-million/

Continue Reading

Fintech

W.UP Launches Money Stories to Win Consumers’ Divided Attention

Avatar

Published

on

Customer-focused banking tools provider W.UP revealed its latest development today. The Hungary-based company is launching Money Stories.

The new embeddable tool enables banks to offer their customers bite-sized snapshots of their financial lives. These easily consumable bits of content combine data analytics with digital storytelling to make it even easier for banks to help users to understand their financial standing in a fast-paced way.

The new tool takes the concept from millennial-friendly mobile apps such as Snapchat, Instagram, Facebook, and Twitter. Each of these social media platforms are notorious for enabling users to quickly publish and view life updates and ideas, share new songs, and even exchange gossip. The micro-content requires little attention from viewers, who are easily distracted and prone to multi-tasking.

Similarly, Money Stories leverages transactional and behavioral analytics to show users daily highlights, weekly and monthly forecasts, and yearly summaries. Overall, these updates take the form of unusually large transactions, double charges, sharp balance drops, recurring transitions, top spending categories, changes in spending or credit card usage, and more. In addition to showing users their historical data, Money Stories can also help users plan for the future by showing options to pay off credit card debt, avoid overdrafts, and more.

All of the graphics appear on a single screen for seven-to-ten seconds, so the user does not need to scroll or set aside much time in their day to understand the analyses.

W.UP is keeping the integration easy for banks. “When all is said and done, the only decision for banks to make remains what product and service offers to slide into the story stream to boost targeting accuracy, conversion, and customer satisfaction levels,” said W.UP Head of Product Gellért Vinnai.

Founded in 2014, W.UP takes PFM to a personalized level by leveraging AI and real-time data. These product offerings have obviously struck a chord in the banking crowd; the company has won Best of Show awards at FinovateEurope 2018, 2019, and most recently for its demo in 2020.


Photo by Karolina Grabowska from Pexels

Coinsmart. Beste Bitcoin-Börse in Europa
Source: https://finovate.com/w-up-launches-money-stories-to-win-consumers-divided-attention/

Continue Reading

Fintech

Fintech Rho rolls out corporate card alongside BaaS offering

Avatar

Published

on

Fintech Rho Technologies today announced the roll out of its bank-issued corporate card coupled with its banking-as-a-service offering, which operates as a financial management platform on top of banking services provided by $691 million Evolve Bank and Trust. While banking as a service has been a growing trend during the past year, banking fintechs have […]

Coinsmart. Beste Bitcoin-Börse in Europa
Source: https://bankautomationnews.com/allposts/corp-bank/fintech-rho-rolls-out-corporate-card-alongside-baas-offering/

Continue Reading

Crowdfunding

Cash Still King? UK FCA Says 5 Million Still Count on Cash for Majority of Transactions

Avatar

Published

on

In a digital world, physical cash still counts. A lot, according to UK regulators.

A speech delivered today by Sheldon Mills, Executive Director for Consumers and Competition at the Financial Conduct Authority (FCA), he revealed that 5 million individuals still count on the pound sterling for the majority of their purchases. Additionally, 750,000 or one in seven adults struggled with cash point and bank branch closures during the COVID-19 health crisis. As one may anticipate, the majority of these individuals are elderly, or perhaps small businesses.

The Death of the Bank Branch? Not So Fast.

Mills says that the transition from face-to-face services to online or telephone will take time. There are times when an in-person meeting is easier, it seems.

Mills adds:

“Based on our evidence, we believe that access to cash across the UK is generally good for most people. 95% can access cash in urban areas within 650 metres and in rural areas within 3.5 km. Only around 150,000 people live more than around 5 km away from their nearest access point. And of course, in addition to bank branches, Post Office counter services and ATMs provide a significant and important part of the existing geographic coverage. The Post Office has national access criteria requiring that 99% of the population must live in areas within 3 miles [or 5 km] of their nearest Post Office, and 90% within 1 mile [1.6 km].”

While cash use is declining due to the ubiquitous nature of digital alternatives, cash continues to be needed. Perhaps, cash is no longer king but digital is not quite satisfying all the requirements of the population. UK firms are responsible for making sure that when a branch or ATM closes, there are alternatives in the area.

An updated review of the UK’s cash infrastructure is expected to be released this summer.

A joint statement by the FCA and PSR states that cash must remain available to the masses:

“The overall decline in the use of cash makes it more expensive to maintain the existing infrastructure that supports it. However, as we move out of the pandemic, cash continues to serve a socially useful purpose for many communities. Following a fall in ATM withdrawals of 40% year-on-year across 2020, withdrawals have started to increase again since restrictions have begun to ease. Although our data shows that most people can access cash easily now, there is a need to maintain access to cash and banking services for those that still need it, particularly vulnerable consumers. At the same time, a critical part of maintaining this access will be supporting others that can to transition to digital and other alternative ways of banking and making payments.”

Sheldons states:

“… the nature of cash use and everyday banking is changing, and we should acknowledge that and help people to transition where they are able to. However, we must also all work together to protect the ability of consumers to access cash and banking services in ways that meet their needs.”

Coinsmart. Beste Bitcoin-Börse in Europa
Source: https://www.crowdfundinsider.com/2021/05/175324-cash-still-king-uk-fca-says-5-million-still-count-on-cash-for-majority-of-transactions/

Continue Reading
Aviation5 days ago

JetBlue Hits Back At Eastern Airlines On Ecuador Flights

Blockchain5 days ago

“Privacy is a ‘Privilege’ that Users Ought to Cherish”: Elena Nadoliksi

AI2 days ago

Build a cognitive search and a health knowledge graph using AWS AI services

Blockchain21 hours ago

Shiba Inu: Know How to Buy the New Dogecoin Rival

Blockchain2 days ago

Meme Coins Craze Attracting Money Behind Fall of Bitcoin

Energy3 days ago

ONE Gas to Participate in American Gas Association Financial Forum

SaaS5 days ago

Blockchain4 days ago

Yieldly announces IDO

Esports3 days ago

Pokémon Go Special Weekend announced, features global partners like Verizon, 7-Eleven Mexico, and Yoshinoya

Fintech3 days ago

Credit Karma Launches Instant Karma Rewards

Blockchain5 days ago

Opimas estimates that over US$190 billion worth of Bitcoin is currently at risk due to subpar safekeeping

SaaS5 days ago

Blockchain2 days ago

Sentiment Flippening: Why This Bitcoin Expert Doesn’t Own Ethereum

Esports2 days ago

Valve launches Supporters Clubs, allows fans to directly support Dota Pro Circuit teams

SaaS5 days ago

Business Insider3 days ago

Bella Aurora launches its first treatment for white patches on the skin

Esports1 day ago

‘Destroy Sandcastles’ in Fortnite Locations Explained

Esports4 days ago

5 Best Mid Laners in League of Legends Patch 11.10

Cyber Security4 days ago

Top Tips On Why And How To Get A Cyber Security Degree ?

Esports3 days ago

How to download PUBG Mobile’s patch 1.4 update

Trending