Reports that Google
intends to enter the consumer banking
space through a partnership with Citibank
did not cause any surprise, because many tech firms are looking at the consumer finance market. However, there are genuine concerns about the implications for data security and data sovereignty if this happens. The search engine giant would gain access to vast, new, highly sensitive datasets if it became a banking
service provider. It is unclear what it intends to do with that data. Recent revelations that Google
had discreetly gained access to the health data of at least 50 million Americans have added to the apprehensions.
Consumer finance is a new focus area for tech majors. Apple has launched credit cards in partnership with Goldman Sachs. Facebook is trying to create a cryptocurrency with its Libra initiative. Facebook’s subsidiaries, WhatsApp and Instagram, are setting up payment systems within the respective apps. Amazon is said to be seeking a partnership to provide banking
Pay is already a very successful payment app. It has around 67 million users in India, and it is said to be generating over 50 per cent of all Unified Payments Interface
(UPI) transactions and also doing well elsewhere around the world.
The Citibank-Google partnership would provide checking accounts tied to Google Pay accounts, with backup support from a credit-rating agency. This initiative could be launched in 2020. Citi’s checking accounts are typically fee-based, with charges payable for overdrafts, and for withdrawals from non-Citi ATMs. Google may opt that model. On Citi's part, gaining access to Google’s massive user-base makes the partnership an attractive proposition.
However, even if the bank accounts are fee-based, Google is unlikely to be interested in just generating some revenue from consumers. This would be small change for the company, which had over $136 billion in global revenues in 2018. The real area of interest would be the new data generated in a banking operation. When consumers are paid, how much they spend on discretionary purchases, where they spend it, and so on - these are the sorts of information Google would become privy to as a banking service provider. It could potentially tie the new information fields to data it already possesses about the search practices of users, their video-watching habits, reading and musical tastes, e-mail usage, video-calling patterns, and the ads they watch.
This would enable the creation of a formidably complete profile of users, which could enable the company to micro-target consumers in multiple ways. Would Google share that data with other companies? Would it use that data to drive some new initiatives of its own? Obviously, these things are unclear. But consumers and the regulatory authorities could justifiably be apprehensive about one private company gaining access to so much information about so many individuals. Questions may also arise about the storage and security of any such data, and the privacy laws that would be applicable. This is over and above regulators wanting compliance with local KYC and regulations.
The Reserve Bank of India (RBI), for instance, wants financial service providers to store data pertaining to Indian citizens on servers located within the country. The EU has also started thinking about data localisation. Google Pay has agreed in principle to comply with the RBI’s data localisation rules but it has not done so yet, even though the rules were announced about a year ago. All this means that there is a trust deficit where many consumers are concerned. There are over 5.5 billion searches on Google every day, and 1.4 billion Gmail accounts in operation. Indeed, there are over 100 million users of Google Pay across the world. But many of those users may not be comfortable with Google having access to sensitive financial data as well. And regulators certainly need to review Google’s plans carefully, given the chance that something could go very wrong.