FIDA: Requirements, rights and obligations for data access
In principle, data owners are obliged to make end customer data available to the corresponding data users at the customer's request. In return, data users are obliged to use the customer data exclusively for the specified purpose.
In principle, data should be passed on via standardized interfaces (APIs) analogous to PSD2 in order to ensure improved cooperation in the industry. These interfaces are to be regulated in a binding manner for all market participants and applications within corresponding committees. Data owners can demand an appropriate fee from data users to compensate for the costs of setting up such interfaces.
FIDA takes into account both personal and non-personal data that is collected and processed as part of the normal business activities of financial institutions. Examples in the banking sector include mortgage loan agreements and crypto-assets. For insurance companies, products in the area of insurance-based investment products (IBIP), pensions and property and casualty insurance are particularly affected. Data from health and life insurance policies and biometric products are excluded from FIDA.
A key element of FIDA from the end customer's perspective will be the mandatory introduction of a dashboard. This is to be provided by the data owner. The dashboard allows customers to obtain transparency about their data processing at any time and to control authorizations.