Exploring Regulatory Coordinates for Data Fiduciaries in the Era of Open Banking

Abstract

開放銀行浪潮有助於提升消費者的資料自主，推動金融體系的競爭與創新，進而實現消費者資料賦權的願景。然而，實現此願景仍有待解的核心問題：亦即究須具備如何之條件，一個組織方能成為經消費者授權而向銀行取得資料的適格者？申言之，政府究應如何看待與監理開放銀行脈絡下的第三方業者？本文主張，開放銀行下的第三方業者，本質上係取得消費者對其處理自身資料的信任，因此可將之視為「資料受信者」。本文從產業生態圈及組織定性兩大維度，將資料受信者可能的監理座標加以類型化成三種型態：銀行生態圈的受託者或合作者、金融生態圈的金融資訊服務業者，以及數位經濟生態圈的特許資料接受事業，並嘗試針對我國提出一個兩階段式的修法策略路徑，盼能引發產官學界就此議題的深入對話。<br />The wave of open banking holds great potential to enhance consumer data autonomy, promote competition and innovation in the financial system, and give rise to consumer data empowerment. However, the realization of such a vision depends on the solution of a difficult regulatory issue: the criteria for a third-party provider that is permitted to access data from banks upon the consent and request of consumers. This in fact begs the fundamental question of how a government should treat and regulate third-party providers in the context of open banking. This article argues that the third-party providers can be understood as“data fiduciaries”in that they are entrusted by the consumer to process and provide extra value to their data. This article further explores and proposes three possible regulatory coordinates for data fiduciaries based on two dimensions: ecosystem boundary and institutional attribute. Specifically, the three types of regulatory coordinates are fiduciaries and cooperators in the banking ecosystem, special financial information service providers in the financial ecosystem, and chartered data recipients in the digital economy ecosystem. This article also proposes a two-stage legal/policymaking strategic pathway for Taiwan with the hope to develop a more delicate conversation between regulators, industries and the academia.<br />