Free our bank data

Full disclaimer: I worked for Spiir a couple of years back.

Why is it that you as a banking customer aren’t the owner of the data you generate?

The reason for this post was a recent incident in my home country Denmark, a Danish startup Spiir was reported to the police by the third largest bank in Denmark, Jyske Bank who is accusing Spiir of using “hacker-methods” to unlawfully gain access to users’ financial data.

Background

Spiir enables users to get a complete overview of their economy by analyzing transactions. In the early days of Spiir, the only way of getting your transactions from your bank into Spiir was by exporting, one account at a time, into CSV files and then importing these into Spiir. It worked, but it was too much of a hassle and broke the immediate feedback-loop that was important if users were to spend time on something as unsexy as bank data.

Spiir started a partnership with another Danish bank, Lån & Spar Bank, that allowed for automatic transfer of data from the bank to Spiir — if the customer wanted so. Most of the other banks were not as keen on this kind of partnership, even though their users were publicly asking for the integration.

Spiir then started looking at alternative solutions, so that their users could do what they wanted with their own bank data. It was clear that the banks were using relatively simple APIs for their own clients (mobile applications, etc.), which could potentially allow users to programmatically access their own data more easily than the manual CSV export.

After substantial investments into the legal aspects of this new kind of integration, Spiir launched an automatic synchronization of the bank data to Spiir. The legal aspects of this synchronization are clear because Spiir is only accessing the bank’s API on instructions from the user and not in a way that the user himself couldn’t access it. Furthermore, Spiir is only accessing the user’s data for the use of that specific user. The legal justification from Spiir can be found right here.

It is this particular integration that Jyske Bank find illegal. We are talking about a service that simply accesses an API on behalf of a customer who wants to use their own data in a way that the bank doesn’t approve of.

Even though Jyske Bank keeps calling Spiir’s methods for hacker-methods, it is clear to anybody who have the slightest technical knowledge that those claims are without merit. An example of the hack can be seen in this Gist by @soerenr.

Market disruption

This is a market ripe for a significant technological disruption, and we are already seeing players attacking this market from multiple positions.

We see it in the customer-facing sides of the market with startups such as Simple, Numbrs, Moven, Holvi, Tink, RocketBank, and so on. But I think, just as importantly, we are seeing startups focused on making the data from financial-institutions more easily accessible for developers and users:

  • Plaid recently raised a considerable funding round
  • figo seems to be gaining momentum in Germany
  • Open Bank Project sounds very promising
  • Standard Treasury(YC S13) aims at easing the hassle for businesses integrating with banks

It is time for the banking world to wake up and realize that the world around them have changed completely.

Free your own data

We should demand that our providers, no matter what type (bank, email, social network, etc.), set our data free. After all, we are the ones who generated and accumulated the data in the first place - is it not only fair that we can do whatever we want with it?

Every time I see company fighting this hard to keep user data to themselves, I can’t help but think that either they are relying on a dying business-model or they just simply don’t get what is happening around them. I don’t see how companies that actively fight against their customers’ wishes can survive in this day and age.

I, of course, know that change takes time, especially when it comes to big slow-moving companies such as banks, but that shouldn’t stop us from pursuing more open data from the services we use everyday.