Legal challenges in the API economy (Altius)
Author: Diederik Arnaut (Altius)
Publication date: 25/01/2019
What is an API?
On 14 December 2018, the European Banking Authority issued a call for expressions of interest to participate in its working group on Application Programming Interfaces or APIs. The term API is little known to the general public, yet APIs play a significant role in our day-to-day digital environment.
In a nutshell, an API, or “Application Programming Interface”, is a documented set of connecting points that allow an application to interact with another system, so that developers can easily use this system without needing a complete understanding of the underlying implementation. In much the same way that a “graphical user interface” or “GUI” allows a user to carry out certain complex software commands with the touch of a button on the screen, an API allows the developer to integrate certain technology in the build of his/her own application without the need to acquire full access to the back-end.
The use of public APIs has long been prevalent in internet services. For example, if a company uses a plug-in on its website for Google Maps, it is using the (freely available) Google Maps API. If a person logs on to Spotify using his/her Facebook account, he/she is using the Facebook API. In other words, these public APIs are the means for large internet companies to extend their market reach, both in a B2B and B2C context.
Recent developments in the bank and fintech sector
Encouraged by legal developments, such as the new European Payment Services Directive (EU) 2015/2366, the financial industry has been evolving towards the concept of “open banking”: the sharing of banking data with third parties through the use of APIs to offer integrated services to the end-user.
A real-life example is the fact that a bus fare can now be paid in the banking app on your smartphone, or that a plumber or painter can be found through the client’s bank platform. This shift towards an integrated banking approach involves the heavy use of third-party APIs to allow for smooth integration of third-party software.
In contrast to the public APIs described above, banks will most likely make use of their partner’s private APIs to integrate the partner’s application or functionality into their own technology. Such a specific partner API may be more readily negotiated and subject to licensing conditions. The use and integration of APIs in this context indeed raises several questions from a legal point of view:
- The API’s legal nature (e.g. as an accessory to a software license)
- The API’s implementation and access (authentication and registration by API key)
- Limitations on the use of the API (e.g. volume, frequency of use)
- Non-compete clauses and limitations on reverse-engineering
- The API’s support (e.g. the need for an SLA)
- Protection of the customer’s data (e.g. obligations under GDPR)
It is clear that APIs will continue to grow in importance in the coming years, and that this increased importance will make it necessary to review and consider the legal implications of using both open and private APIs.