Data portability, or data mobility, is a core tenet of many Open Banking (or consumer-driven banking) initiatives globally. It gives consumers and businesses even greater control over their data, allowing them to securely transfer information from one organization to another. 

This principle of data portability is embedded within a new statutory right in the recently reformed and proposed Canadian privacy laws, specifically Law 25 in Quebec. This law is especially important as it signifies the first step towards statutory provisions that will influence the development of Canada’s Open Banking ecosystem. With further reforms likely on the horizon, Law 25 presents a strategic opportunity for future-focused organizations to gain a significant competitive advantage in Canada's developing Open Banking landscape. Organizations can leverage their Open Banking investments to proactively comply with privacy regulations such as Law 25, helping them simultaneously accelerate their Open Banking readiness, which positions them for success, early on.

First, what is Open Banking?

Open Banking refers to various initiatives by governments and industry to provide consumers and businesses with enhanced access and control of their financial data. This is achieved by securely allowing them to access and share banking information with financial institutions and third-party service providers. 

Open Banking offers more than just secure data sharing; it is a catalyst for the creation of innovative financial services while prioritizing privacy protections and data rights. 

What is the Right to Data Portability?

In Canada, both federal and provincial privacy laws grant individuals certain rights, known as data subject rights. These rights include access to personal information held by organizations or the government, the right to withdraw consent for data collection, use and disclosure, and the right to correct inaccuracies in such information.

Recently reformed and proposed privacy laws, both in Canada and abroad, have introduced new data subject rights, including the right to data portability. 

For example, Law 25, Quebec’s recently reformed privacy law, which concerns protection of personal information held by public bodies and private enterprises, contains new provisions for data portability. These give individuals the right to obtain “computerized personal information” from a company in a “structured, commonly used technological format,” and the ability to request that information be disclosed to authorized third parties.¹

Similarly, the federal government’s proposed privacy law, the Consumer Privacy Protection Act (CPPA), set to replace the Personal Information Protection and Electronic Documents Act (PIPEDA), introduces the concept of 'data mobility.’ This enables individuals with a statutory right to request that an organization holding their personal information disclose such data to another organization.²

What is the Relationship between Data Portability Rights and Open Banking?

At its core, Open Banking aims to enable more secure and effective access to financial information and services through consent-based data portability.³

Simply put, the data portability rights granted by Law 25 and the CPPA would offer consumers an enhanced way to access their personal information held by financial institutions and other organizations. It also provides consumers with the ability to request that these enterprises share their personal information with third party service providers. 

It is expected that if the CPPA is enacted, it will align data mobility provisions to also enable Open Banking since it addresses many of the same obligations for privacy and security. In essence, this offers a prospect for organizations to use their Open Banking investments more efficiently. 

Rather than developing ad-hoc or unique systems to comply with Law 25 and the proposed CPPA, organizations can simply enable secure interaction and sharing of financial information with API-based data transfers that will also enable Open Banking. In doing so, organizations taking steps to comply with new and upcoming privacy laws will be able to achieve investment efficiencies while enhancing consumer control over their financial information. 

Symcor’s COR.CONNECT Open Banking Solutions Facilitate Consumer Data Portability 

Data portability is, in fact, a fundamental feature of Symcor’s COR.CONNECT Open Banking solutions, providing a secure technical platform for streamlined access to a trusted network of data recipients and data providers. This platform ultimately helps to facilitate the secure exchange of user-permissioned data, empowering Canadians to control how and with whom they share their financial information.
For organizations taking proactive steps to comply with Law 25 and upcoming reforms, there is an opportunity to accelerate Open Banking readiness by facilitating API-based data transfers while creating efficiencies in spend by utilizing their Open Banking investment. This strategic move enables early adopters to introduce innovative services for their customers and optimize their overall spend while maintaining a robust focus on data privacy and security. 

Symcor has a proven track record for over 25 years as a trusted partner to Canada’s largest organizations, delivering results and operating with an ideal balance of agility and security, which are critical to support an inclusive Open Banking system in Canada.

Find out how Symcor can accelerate your Open Banking readiness:  Symcor.ca/COR.CONNECT 

Sources:
1 - Bill 64 - Assented to (gouv.qc.ca)
2 – Bill C-27 Part 1 enacts the Consumer Privacy Protection Act
3 - Data portability in open banking: Privacy and other cross-cutting issues