Banks, businesses and consumers fundamentally altered how they interacted with each other in the early months of the COVID-19 pandemic — and regulators tasked with making sure their data and payments are kept safe took notice. Open banking rules have continued to evolve during the global health crisis, but the pandemic has given regulators and financial authorities new questions to tackle.
One area where the pandemic may significantly impact emerging data protection and open banking rules is the Middle East and North African region (MENA). Regulators in countries like Egypt have only recently rolled out their data protection rules. Saudi Arabia and the United Arab Emirates are attempting to square away increasing consumer use of online channels with their privacy and banking standards. Consumers and merchants themselves are expressing their own opinions on how their information should be stored or treated. Meanwhile, something that could also have an impact on how these rules are eventually ratified, upgraded or amended in the coming years.
In the latest Merchants Guide to Navigating Global Payments Regulations, PYMNTS analyzes how open banking and data privacy regulations are developing within the MENA region, and how the ongoing coronavirus pandemic could affect the future shape and scale of such rules.
Around The Data Protection World
The ongoing pandemic has caused many regulators in the MENA region to examine the digital and open banking infrastructure they have in place. The FinTech ecosystem within Saudi Arabia has been expanding steadily over the past decade, for example, with more than 60 FinTechs now operating, compared to the 20 companies operating within the country in 2019. This bump can be partially attributed to increased regulatory attention, as the country’s Monetary Authority — among its other financial regulators — have issued more licenses for financial startups to develop proofs-of-concept and products over the past year. The aim of doing so is to create a more robust framework for digital banking.
This is also the aim behind several regulatory changes taking place in other MENA markets, notably Egypt. The country’s Data Protection Law was announced in 2019 and officially came into effect in July 2020. The rule aims to give Egyptian businesses new guidelines for how they can process and store their consumers’ data digitally and is designed to further stimulate the growth of online banking within the market. The rule takes some inspiration from the EU’s General Data Protection Regulation (GDPR), in that, similar to the EU’s regulation, there are financial penalties for companies that do not adhere to these online privacy standards. Egypt’s rule only concerns the storage of digital or electronic data; however, while GDPR’s mandate more broadly applies to the storage of all consumer or private information.
Where exactly GDPR applies and how broadly it reaches remains confusing for many companies, even two years after the rule was first put into place. Large-scale technology firms have fallen under fire for failing to comply with its requirements since it was first ratified. The latest to come under the regulatory spotlight are firms Oracle and Salesforce, with both companies facing allegations that the way they handle digital data falls short of the standards put in place by GDPR. The allegations were made public by Dutch consumer privacy advocacy organization The Privacy Collective, an entity that has also expressed the intention to file a corresponding legal claim in the Netherlands’ courts. The ensuing lawsuit would represent the country’s largest class-action GDPR lawsuit.
For more on these and other stories, visit the Tracker’s News & Trends.
Why Pandemic-Driven Online Payment Spikes Are Pushing Middle Eastern Regulators To Confront Privacy Questions
The MENA region experienced the same rush of consumers to digital channels as many other global regions during the first months of the pandemic, something that has, in turn, prompted higher scrutiny on digital privacy. Yet many Middle Eastern countries are operating under data privacy or protection rules that have not been upgraded in decades, something that could leave their banks, businesses and consumers open to increasing fraud. Oren Paran, managing director for Israeli startup firm Retail Innovation Club and David Macadam, CEO of retail consortium The Middle East Council of Shopping Centres & Retailers (MESC) discuss in the Tracker’s Feature Story how online privacy and financial regulations have been shifted in the Middle East due to the ongoing pandemic.
Deep Dive: How Consumers’ Changing Payment Preferences Are Affecting MENA Privacy Laws
Consumers in MENA have become more comfortable with digital banking and payment solutions in recent months, but some are still wary of sharing certain details online. For example, one recent study found that 84 percent of the United Arab Emirates (UAE) consumers have attempted to remove information they view as private from websites or social media platforms. The growing interest among individuals in online security and privacy has filtered to regulators, many of whom pay close attention to rising questions in this space. This could come to have a significant impact on how rules governing the transfer and storage of digital information is regulated within the UAE and other regions in MENA. To learn more about how the pandemic is changing consumers’ payment wants and needs and how this affects the construction of related regulations, visit the Tracker’s Deep Dive.
About The Tracker
The Merchants Guide To Navigating Global Payments Regulations, powered by Ekata, is the go-to monthly resource for updates on the trends and changes regarding PSD2 as well as other privacy and data protection regulations.