FIDA Changes: European Council’s Proposal and What Has Changed

On 4 December 2024, the European Council released its revised proposal (the document) for the Financial Data Access Regulation (FIDA), addressing key ambiguities and concerns raised in the European Commission’s draft. These amendments provide greater clarity on the scope of the regulation, the responsibilities of stakeholders, and the mechanisms for protecting consumers’ data.

This blog post focuses on the significant amendments introduced by the Council, highlighting the practical implications for data holders, data users, and consumers. By refining the regulatory framework, the Council aims to foster innovation while ensuring that the principles of security, transparency, and consumer control remain central to FIDA’s vision.

Key Changes Introduced by the European Council

1. Scope of Data: Refined Definitions and Exclusions

One of the Council’s primary objectives was to clarify the scope of data included in FIDA, ensuring a balance between innovation and proprietary protections.

• Inclusion of Raw Business Data:

  The regulation now explicitly covers raw data generated in the normal course of business between data holders (e.g., banks, insurers, pension funds) and their customers. This includes operational data naturally collected through customer interactions but excludes any data enriched or derived internally by the data holder.

• Exclusions for Proprietary Data:

  Internally enriched data, such as insights generated through analytical processes or proprietary algorithms, is excluded from mandatory sharing requirements. This protects the intellectual property of data holders while ensuring customers’ raw data remains accessible.

• Data Categories Explicitly Excluded:

  • Sickness, health, and life insurance data (unless part of insurance-based investment products) are excluded to avoid overlap with sensitive health-related frameworks.

  • Creditworthiness assessment data is also excluded, except for raw data provided by customers during the assessment. Importantly, the outputs of the creditworthiness process (e.g., credit scores or recommendations) are explicitly protected.

These updates reflect a more precise definition of the data subject to FIDA, aligning it with the goals of innovation and consumer control while safeguarding sensitive and proprietary information.

2. Customer Consent: Strengthened Protections

The Council has introduced robust safeguards to ensure that customers retain control over their financial data, building on GDPR principles.

• Time-Limited and Purpose-Bound Consent:

  Customers must provide consent that is freely given, specific, and limited in time. Consent forms must be clear, separate from other agreements, and must explicitly state the intended purpose of data sharing.

• Joint Permissions:

  For financial products with multiple customers (e.g., joint accounts), consent must now be obtained from all parties involved.

• Transparency for Third-Party Data:

  The regulation explicitly excludes personal data belonging to uninvolved third parties, even if it exists within a shared financial product, ensuring greater privacy for individuals outside the transaction.

• Right to Withdraw Consent:

  Customers must be able to withdraw consent at any time and free of charge, without facing undue pressure.

These measures aim to make data sharing truly voluntary, preventing misuse of customer data and ensuring that businesses operate transparently.

3. Insurance Data: Clarified Responsibilities

The Council has refined the scope of insurance-related data sharing, emphasizing clarity and consumer protection.

• Customer Definition in Insurance:

  The term ‘customer’ in insurance now explicitly excludes third-party beneficiaries (e.g., individuals indirectly covered by an insurance policy).

• Exclusion of Personal Injury Data:

  Loss and claims data associated with non-life insurance products are included, but data related to personal injuries is excluded, protecting sensitive personal information.

These changes help streamline the regulation for the insurance industry while maintaining strong consumer protections.

4. Pension Data: A Streamlined Approach

The Council’s proposal also refines the treatment of pension-related data, ensuring that the regulation is both practical and inclusive.

• Narrowed Definition of Consumer:

  The term ‘consumer’ for occupational and personal pensions is now limited to existing members or beneficiaries, excluding prospective members. This ensures that FIDA focuses on individuals who already have a contractual relationship with pension providers.

• Linking Personal Pension Data with Investments:

  The Council recognizes the potential of sharing personal pension savings data to enhance links between savers and retirement-related investments. By addressing dispersed pension data, this amendment enables individuals to better understand their financial situation and make informed decisions for improved retirement outcomes.

By refining these definitions and highlighting the importance of accessibility, the Council has addressed industry concerns while maintaining a commitment to transparency and consumer empowerment.

5. Financial Institutions: Expanded Responsibilities for Data Users

The Council’s amendments emphasize the accountability of financial institutions and data users under FIDA.

• Notification to Authorities:

  Financial institutions intending to act as data users must notify their home competent authority, providing details of their planned operations and the types of data they intend to access.

• Consumer Protection in Data Use:

  Practices employed by data users to combine FIDA-regulated financial data with other customer data must be proportional and in the customer’s best interest, ensuring compliance with consumer protection standards.

These changes ensure that data users operate transparently, responsibly, and in alignment with FIDA’s core principles.

Why These Changes Matter

The European Council’s amendments address many of the concerns raised by stakeholders in the financial and insurance sectors. By refining the scope of data, strengthening consent protections, and clarifying responsibilities for financial institutions, these changes ensure that FIDA achieves its dual objectives: fostering innovation and safeguarding consumer rights.

These updates represent a step forward in creating a secure, transparent, and interoperable framework for open finance in the EU. They also signal the Council’s commitment to ensuring that FIDA balances the needs of all stakeholders, from financial institutions to data users and consumers.

InfraFiDA: Your Partner in Navigating FIDA

As the FIDA framework takes shape, businesses across the financial ecosystem need to adapt to new regulatory requirements and opportunities. At InfraFiDA, we’re committed to helping financial institutions, fintechs, and other stakeholders thrive in the era of open finance.

For more insights on FIDA and its implications, explore our recent posts:

• How FISPs Empower Data Holders, Data Users, and Consumers Under FIDA

• FIDA and Consumer Trust: Addressing Privacy Concerns in the Insurance Industry

• The Technical Impact of FIDA and the Vision for a Financial Data Discoverability Network

Let’s build a more transparent, collaborative, and innovative financial future—together. Contact us today to learn how we can support your journey under FIDA.