Much of the current debate over “open banking” is framed as if financial services are about to cross some bright line into a new era of surveillance. That framing is wrong. Finance is being debated in a world where the surveillance economy is already fully built out and operating at scale.

Telecoms track movements, apps and platforms log every tap and scroll, and data brokers quietly stitch together “high‑resolution” behavioral files on most adults in the United States. Location histories, purchase patterns, political inferences, possible pregnancies, likely addictions—these are all routinely packaged and sold. Against that backdrop, the idea that financial services should sit outside the surveillance economy is a position with little merit.

Most conversations about financial data privacy behave as though the rest of this apparatus doesn’t exist. Critics of open banking talk as if a small island of financial privacy can be preserved in a sea of pervasive tracking. Industry advocates, in turn, talk as if it is still 1999, arguing that a bit more data will allow banks to price risk better and cut down on fraud. Both stories are partial.

A more realistic starting point is this: if there is no serious willingness to dismantle the surveillance business model across sectors, then insisting that only financial firms must conduct business outside the mass personal‑data machine is difficult to defend.

The surveillance web already exists

The maturity of the data‑broker ecosystem is well‑documented. These companies assemble thousands of attributes on individuals—demographics, web browsing, app usage, offline purchases, geolocation trails—and sell them to marketers, political campaigns, law enforcement, and other paying customers. Research and congressional testimony describe this system as “unregulated surveillance,” emphasizing how brokered data lets government agencies and private actors sidestep traditional legal constraints.

Viewed from this baseline, arguments that financial data must be kept wholly separate from the rest of the surveillance lattice simply resemble rhetoric insisting personal data is private when the reality is exactly the opposite in almost every other sphere of industry.

The financial carve‑out is narrower than it appears

Financial services do operate under sector‑specific privacy rules. Gramm‑Leach‑Bliley and the Fair Credit Reporting Act were meant to reflect a judgment that financial information is qualitatively different and merits stronger protection. But these laws were built for a different era and are riddled with carve‑outs, both in statutory text and through state‑law exemptions for GLBA‑regulated institutions.

The CFPB has explicitly highlighted gaps in these frameworks, particularly as new digital‑finance business models blur lines between traditional banks, fintechs, and data brokers. The notion that GLBA and FCRA form an impenetrable wall between bank records and the broader data economy is more comforting than accurate.

Meanwhile, everything around financial services is already heavily tracked. Phones and apps reveal where individuals sleep, work, worship, who they see, and much of what they discuss. Those signals alone permit fairly accurate inferences about income, financial stress, and risk profile, even without direct access to bank statements.

The result is a structural asymmetry: non‑financial actors can quietly infer much of a person’s financial life and trade on those inferences, while institutions that actually manage money are told to behave as if none of that web exists.

Two coherent positions—and one evasive middle

Given this reality, two coherent positions stand out.

First, a serious campaign against the surveillance economy would target the data‑broker business model directly: restricting sale and reuse of location and behavioral data, cutting off government agencies’ ability to buy their way around constitutional protections, and confronting the practices of telecoms and platforms, not just banks.

Second, if that kind of cross‑sector rollback is not politically or practically on the table, the case for forbidding financial institutions from accessing data that everyone else can and does use becomes less clear. In that world, surveillance is not being halted; only the set of beneficiaries is being curated. Insisting that only financial firms must operate as if the mass personal‑data machine does not exist—while every other sector exploits it—is difficult to defend.

What looks less defensible is the evasive middle ground: maintaining the broader surveillance infrastructure largely intact while insisting that financial services remain symbolically pure, as though sectoral privacy rules can deliver meaningful protection while the rest of the economy runs on intensive tracking.

If data brokers are not going to be criminalized or shut down, then relying on GLBA/FCRA carve‑outs to carry the entire privacy load for consumers risks becoming a form of regulatory theater.

What “liberalizing” actually entails

To say that finance “may as well” be able to use data already circulating in the surveillance economy is not to argue that all constraints should vanish. Important distinctions remain between using data narrowly for fraud prevention and risk management, and using it broadly for monetization, behavioral manipulation, or discriminatory pricing.

However, from a consumer’s standpoint, much of the harm associated with being profiled, tracked, and targeted is already occurring in the app ecosystem, the ad‑tech stack, and the broker market. Allowing banks or credit unions to draw on some of the same information for security or underwriting does not create surveillance from scratch; it reallocates who participates in the existing system and for which primary purposes.

Opposition to that shift is most coherent when coupled with a willingness to attack the surveillance system as a whole. Without that broader project, asking financial firms to conduct business entirely outside the mass personal‑data machine, in a world where other actors enjoy near‑total visibility, looks less like robust privacy protection and more like a selective handicap.

A more candid starting point

Some of the most enthusiastic open‑banking advocacy seeks to capture the upside of the surveillance web for finance—more precise risk models, dynamic pricing, “personalized” offers—while soft‑pedaling the extent to which these benefits depend on a sprawling tracking infrastructure built largely outside traditional financial regulation. Those accounts often suggest that open banking is a contained, incremental adjustment rather than an integration of finance into a wider surveillance ecosystem.