[wayzel]

In Europe regulation forced the hands of the banks to API-ify the data and make it accessible. In the US, as with many things, it is left to industry to sort out.

Plaid's implementation was aggressive (screen scraping, etc) but many banks are blocking that now and some, like JPMorgan Chase, have created APIs based on OFX (the industry consortium for secure data exchange) to allow controlled data access.

You, the customer, should always be able to choose which targets get to receive your data. Via OAuth mechanisms you grant them access without sharing your login/pw, and you can revoke at will.