3. GDPR
• General Data Protection Regulation (« GDPR »)
• Profiling (art. 4.4 GDPR)
“Any form of automated processing of personal data consisting of the
use of personal data to evaluate certain personal aspects relating to a
natural person, in particular to analyse or predict aspects concerning
that natural person's performance at work, economic situation, health,
personal preferences, interests, reliability, behaviour, location or
movements”
3
4. Profiling under GDPR
• Data processing principles
• Lawfulness, fairness and transparency
• Purpose limitation
• Data minimisation
• Accuracy
4
5. Banks
• Data minimisation
– Defined data corpus
– Source: Financial transactions
– Additional data from data
brokers?
• Purpose limitation
– Personalised financial services
– Fraud detection
– Risk assessment (credit scoring)
– Offer new financial services
• Accuracy
– Who knows?
Data rich fintech
• Data minimisation
– Virtually unlimted data
– Source: Search, e-mail,
entertainment, browser,
operating system,...
• Purpose limitation
– Personalised services (i.e. search,
e-mail, entertainment, browsing,
use of apps)
– Advertisement
– Offer new services of any kind
• Accuracy
– Surprisingly so
5
6. Conclusion
• Unequal access to data
– Institutional banks
– Fintech startups
– Established internet companies in fintech
• Unequal compliance with GDPR
– Data minimisation, purpose limitation
• Answers?
– GDPR not between competitors
– Unfair commercial practices?
– Competition law?
– Innovation & partnerships
6