Increasing numbers of countries are introducing privacy legislation to protect users’ data. But while consumers value their privacy and protection from potential misuse of data, fintech firms often rely on personal data to innovate and provide new products and services. This column presents evidence that the California Consumer Privacy Act in the US mitigated this trade-off. By enhancing users’ control over data and reducing concerns over sharing them, the landmark Act has boosted fintech lending and benefitted consumers through improved financial services. In particular, it has lowered loan rates for traditionally underserved groups.
Over the last decade, the market share of fintech lenders has increased rapidly in many countries. As they often screen and price their borrowers with non-traditional data, better access to data could foster the growth of fintechs. In this way, policies that facilitate data sharing can spur competition in the financial sector (Petralia et al. 2019). Individuals from traditionally underserved groups, including minority and low-income applicants, stand to benefit in particular, as credit scores often inaccurately reflect their creditworthiness.
There is mounting evidence, however, that consumers dislike sharing their personal data (Goldfarb and Tucker 2012). Concerns range from price discrimination to data abuse, unethical advertising, and financial fraud (Figure 1).
Figure 1 Consumers’ concerns about sharing their data
Source: Survey of Consumer Expectations, Armantier et al. (2021), Doerr et al. (2023).
In addition, consumers care about whom they share their data with. As shown in Figure 2, US households have significantly less confidence in fintechs than other financial intermediaries to safely handle their data and protect them from data abuse or misuse (Armantier et al. 2021). This pattern is also present in other countries (Chen et al. 2023).
Figure 2 Consumers’ trust in counterparties to safeguard their data
Source: Survey of Consumer Expectations, Armantier et al. (2021), Doerr et al. (2023).
Regulators designing privacy-protection regulation hence face a challenging trade-off. Limiting or even prohibiting the collection of personal data protects consumers’ privacy, but risks reducing the availability and quality of data-intensive services (Acquisti et al. 2016). At the same time, the absence of a regulatory framework that addresses privacy concerns can also impede fintech development. Consumers might be reluctant to share data or engage with fintechs altogether, as they are concerned over privacy violations. Regulators hence need to strike the right balance between protecting users’ privacy and promoting the growth of fintechs to foster competition.
The California Consumer Privacy Act
In a recent paper (Doerr et al. 2023), we focus on the effects of the California Consumer Privacy Act (CCPA) on bank and fintech lending. Introduced in 2020, the CCPA constitutes a landmark change in the design of privacy regulation. By giving California residents control over their data and thus mitigating concerns over sharing them, the CCPA attempts to protect consumers without generally restricting information collection. For example, individuals can prevent firms from selling their personal information or request that firms delete the data after their use. Recent survey evidence shows that the majority of Californians have already exercised their CCPA rights.
The CCPA hence enhances users’ control over data and increases transparency and accountability. It differs from other types of privacy regulation that typically limit firms’ ability to collect information. It also differs from open banking, which aims to facilitate access to data rather than protect privacy per se. Most other US states are now considering introducing legislation in the spirit of the CCPA, and it serves as US Congress’ model for a federal privacy protection regulation. Several other countries also have introduced or are planning to implement similar privacy laws, such as the General Data Protection Regulation (GDPR) in Europe. Understanding the CCPA’s impact can hence yield important insights into the benefits and costs of such legislation in other states and countries.
Privacy regulation that gives users control over their data can foster competition
Our analysis uses data on residential mortgages from the Home Mortgage Disclosure Act database, from 2018–2021. The database provides a wealth of information on lenders, applicants, and loan terms. We classify lenders into banks or fintechs and estimate difference-in-differences regressions at the lender–census tract–year level. The CCPA, introduced in 2020, acts as treatment for tracts in California, while tracts in the neighbouring states constitute the control group.
We investigate the effects of introducing the CCPA on loan applications and interest rates. Leveraging the fact that privacy concerns are more salient towards fintechs, we expect the marginal benefit of privacy regulation that assuages concerns about sharing data to be higher for fintechs. Consistent with this argument, we find that after the introduction of the CCPA, loan applications to fintechs compared to banks increase by about 15% in California, relative to neighbouring states (Figure 3, panel a). This implies an increase in fintechs’ market share of 3 percentage points, or nearly one-fifth of their initial market share.
Figure 3 Pre-trends: Coefficient estimates
Notes: This figure plots coefficient estimates (blue line) and 95% confidence intervals (grey bars). Each coefficient indicates the evolution of loan applications and interest rates of fintechs relative to banks in each year before/after the introduction of the California Consumer Privacy Act. The year before the introduction of the Act (2019) is the omitted category. Panel (a) shows the coefficient estimates for loan applications, panel (b) for interest rates on approved mortgages.
Source: Doerr et al. (2023).
We then study the impact of the CCPA on interest rates on approved mortgages. In principle, an increase in demand for fintech loans due to better privacy regulation could lead to an increase in the rates fintechs charge. On the other hand, if users become more willing to share data and apply to fintechs, the accrual of additional information could allow fintechs to better screen applicants (Di Maggio et al. 2022). In turn, fintechs could lower the risk of their borrower pool and offer lower rates.
We find that the CCPA reduced loan rates by around 8 basis points on mortgages originated by fintechs relative to banks in California (Figure 3, panel b). The reduction in interest rates by fintechs is significantly stronger in areas with a higher share of traditionally underserved groups. For example, in tracts with a high share of minorities, the CCPA has reduced fintechs’ loan rates by up to 12 basis points.
This pattern suggests that the privacy protection offered by the CCPA has made applicants more willing to share data with fintechs, thereby improving fintechs’ screening process. So-called thin-file clients, often minority and low-income applicants, likely benefit more from screening with better data, as standard credit scores are noisier indicators of their default risk.
Exploring the channel: Fintechs’ enhanced screening capabilities
We carry out a number of tests to provide empirical evidence in support of the argument that the CCPA has improved fintechs’ screening abilities.
We first show that, after the introduction of the CCPA, the dispersion in interest rates increases by relatively more for fintechs. Greater rate dispersion is consistent with more individualised pricing due to a more precise signal about an applicant’s quality. Second, we show that the share of denied loan applications increases for fintechs compared to banks in California after the introduction of the CCPA. And third, we find that fintechs in California process significantly more mortgage applications with non-standardised credit scores after the introduction of the CCPA. The use of non-standardised credit scores in processing applications proxies a greater reliance on alternative personal data (Babina et al. 2022), in line with our argument that the CCPA increases applicants’ willingness to share data. All three channels are even stronger among mortgages not sold to government-sponsored enterprises, i.e. among those for which credit risk is more salient and lenders have greater scope to use non-traditional data.
The effects of the CCPA are not explained by changes in applicant quality nor by the Covid-19 pandemic
We investigate a number of alternative explanations for our findings.
First, we address the concern that the decline in the interest rate offered by fintechs could be due to an improvement in the quality of fintech applicants within tracts. As applications increase, it could be that higher-quality applicants decide to apply more to fintechs, allowing them to offer lower rates irrespective of any change in their screening ability. Yet we find no significant change in various measures of the quality of applicants to fintechs versus banks with the introduction of the CCPA. Further, directly controlling for the quality of the applicant pool leads only to a modest decline in the magnitude of the CCPA’s estimated effect on interest rates by fintechs.
Second, we control for the local severity of the Covid-19 pandemic. If movement restrictions limited applicants’ ability to visit a bank branch, applications to fintechs could have increased. However, an increase in demand should have put upward pressure on interest rates charged by fintechs. We find that our main results remain qualitatively unaltered when we control for the severity of the pandemic. Moreover, controlling for the potential increase in demand and attendant upward pressure on rates during the pandemic leads to a larger negative effect of the CCPA on interest rates charged by fintechs relative to banks. Likewise, our results are present when we focus on purchase mortgages only, so they are not due to changes in the composition of applicants or borrowers that refinance their loans.
Policy implications
Personal data lie at the heart of the digital economy. By allowing lenders to better assess the riskiness of borrowers, the use of data can for example reduce the need for collateral or promote financial inclusion and entrepreneurship. At the same time, consumers value their privacy and are concerned about the abuse and misuse of data. These considerations imply a trade-off for policymakers, which need to balance improving efficiency through greater use of data and protecting users’ right to privacy.
Our paper provides empirical evidence that privacy protection legislation that enhances users’ control over data and increases transparency and accountability in data use can mitigate the trade-off between users’ right to privacy and promoting competition. As the CCPA makes users more willing to share data, and in particular with fintech lenders, it enables better screening and leads to lower rates. It thus enhances the scope of financial services to the benefit of the consumer, and especially among historically underserved groups of the population.
The CCPA can hence be seen as a successful regulatory initiative to foster competition in the financial sector. It holds important lessons for other jurisdictions, including Europe, for designing and implementing privacy legislation.
Source : VOXeu