The CardLinx Association announced new aspirational principles for consumer financial data. The principles outlined in this framework promote fair, efficient and effective use of consumer data across all industries that have access to consumer financial data. The principles are designed to support CardLinx members’ implementation of data-driven products and to inform policy makers.
“We acknowledge that there exist significant complexities and different regional, national and global regulatory approaches to consumer financial data,” said Silvio Tavares, President and CEO of The CardLinx Association. “These new principles reflect the combined aspiration of our members to implement common industry best practices and standards for the safe and effective use of financial data. CardLinx members understand the importance of establishing consumer data rights as an integral component to the continued growth and innovation in our industry.”
The Framework of Consumer Digital Rights
Therefore, we announce a framework of data principles and rights, which are endorsed by The CardLinx Association, and intended to promote the fair, efficient and effective use of consumer data. The framework as listed below represents our aspirational goals. The specific implementation of these principles will depend on what data was collected, why and how it is being used.
Consumer Data Transparency Rights
- The Right to Transparency – Consumers shall have the right to be provided with clear understandable statements that help inform them about financial data collection, use, sharing, and retention in connection with their enrollment in a third-party program that includes such data. This includes being presented with a clear notice about the purpose of the data collection and the context of the relationship between the consumer and the company requesting enrollment of their credit/debit card in the program.
- The Right to Consent – Consumers that enroll in a program shall have the right to be presented with an explicit consent, for example, similar to the CardLinx Consent Honeybee Standard, that helps them understand the purpose of processing their personal credit/debit card details within the context of the relationship between the individual to whom the data pertains and the organization requesting the enrollment of the credit/debit card.
- The Right to Consumer Choice and Control – Companies that provide programs to consumers with enrolled debit/credit cards shall have appropriate controls to allow a consumer the right to have a choice over how their financial and associated data is used, and limit disclosure. Unless required to perform the service, and where it is not covered under a company’s privacy statement or a law enforcement request, consumers should also have the right to know what personal financial and associated data is disclosed to third-parties, to request such disclosure not take place, or prohibit marketing of personal data.
- The Right to Access – Consumers shall have the right to reasonable access to the personal data held by the organization providing the program in which the consumer has enrolled, including observational data, inferences derived from browsing history, social media, or location tracking.
- The Right to Data Portability – Consumers shall have the right to receive a copy of their personal financial data from the company providing the program (in which the consumer has enrolled) in a portable, commonly used and machine-readable format.
- The Right to Correct and Delete Data – Consumers shall have the right to ensure that financial and associated data should be correct and accurate. Consumers shall also have, where reasonable, the right to correct inaccuracies of such data and have such data deleted.
- The Right to Data Security – Consumers shall have the right to ensure that their data should be appropriately secured in a way that is commensurate with the sensitivity of the data and current/established standards.
To view the background and additional information about the framework, please click here.