Out-Law News 3 min. read
07 Mar 2013, 2:53 pm
Financial services sector head John Salmon and the Pinsent Masons financial services sector team bring you insight and analysis on what really matters in the world of financial services.
Research firm Ovum said recently that mobile banking will be "the clear IT investment priority in 2013" for banks while experts have highlighted the crucial role mobile will play in other sectors.
This will involve the use of new technologies, the changing of business models and the adapting of business processes to accommodate both the expectations of customers and the fact that the workforce has become mobile.
The use of payment technologies could be disruptive, and though many are questioning the value and staying power of near-field communications (NFC), mobile wallets and other forms of payment information storage and facilitation are receiving more positive attention.
And as an article in the Financial Times highlighted last week, going mobile is as much about 'effective corporate mobile strategies' as it is about purchasing new technology.
As financial institutions make decisions over the coming months about their mobile strategies, they will need to consider overcoming regulatory and legal hurdles that complicate the transition to a mobile focussed world. Two important considerations are: how to promote financial services and how to use location information without falling foul of regulators.
Financial promotions on a mobile device
One of these concerns arises from the mere size and shape of a mobile device's screen. All financial promotions must comply with the Financial Services Authority's (FSA) overarching rule that they be 'fair, clear and not misleading' and must also take into account guidance on giving risk warnings and other key risk information sufficient prominence. In the FSA view "Prominence can be defined as ‘the state of being easily seen’ ... [information that is] 'likely to attract attention, for instance, by virtue of its size or position’."
The FSA has also stated that it will not draw a distinction between promotional efforts which 'deliberately deceive' and those that mislead as a result of inadvertence or oversight.
In terms of mobile promotions, it is easy to see how inadvertence could result in a breach of the FSA's rules. Risk warnings and other disclosures prepared and reviewed for compliance when viewed on a desktop screen may not adequately comply when viewed on a mobile device's smaller screen. It could also be that the presentation of a financial promotion viewed through a mobile app differs significantly from its appearance on a business' website.
It is therefore important for financial institutions to re-assess any risk assessments they have made of financial promotions specifically with mobile devices in mind.
Obtaining consent to access a user's location
A related concern is the extent to which a financial institution can benefit from gaining knowledge of a user's location for the purposes of promoting its products and services or in order to provide location-specific services.
In most cases, accessing the location of a mobile device will require a business to obtain the user's prior consent. And in this regard, the US' Federal Trade Commission (FTC) has recently highlighted some interesting issues.
In a staff report on 'Mobile Privacy Disclosures: Building Trust Through Transparency' published last month, the FTC highlighted the importance of teasing out the relationship between a mobile device's platform operator, such as Apple, Google or Blackberry, and its app providers in terms of determining who is responsible for obtaining consent to access a mobile device user's location.
The FTC notes that through a platform's application programming interface (API) app providers often may access details of a user's location without first notifying them that they are doing so. It takes the view that in order to comply with US privacy laws, an app provider need only "obtain affirmative express consent before collecting and sharing sensitive information [including a user's geolocation] to the extent that platforms have not already provided such disclosures and obtained such consent."
It would be interesting to know whether the Information Commissioner's Office and other EU regulators would be willing to take a similar approach. In the context of the obligations of public network providers, the ICO has expressed the view that the way a service is provided should be consistent with the expectations of the users and that "in the interests of transparency" third parties providing location based services in many circumstances will themselves need to get consent to process location data rather than rely on consent obtained by a network.
It would seem then that if there is any doubt as to a mobile device user's expectations as to who is accessing their details of their location, before accessing such details, a prudent financial institution would want to take the risk averse approach and seek user consent themselves.