[TheRecord] EU agency advises against using search & browsing history for credit scores

The European Union’s lead data protection supervisor has recommended on Thursday that personal data such as search queries & internet browsing history should not be used for the assessment of credit scores and creditworthiness.

The recommendation comes from the European Data Protection Supervisor (EDPS), an independent agency attached to the EU that advises policymakers “on all matters relating to the processing of personal data.”

“[T]he EDPS considers that inferring consumers’ credit risk from data such as search query data or online browsing activities cannot be reconciled with the principles of purpose limitation, fairness and transparency, as well as relevance, adequacy or proportionality of data processing. Therefore, the EDPS recommends explicitly extending the prohibition to search query data or online browsing activities,” the EDPS said in a document published on Thursday.

In addition, the agency advises that providers of financial and credit services should also not be allowed to use health data, such as cancer data, as well as any special category of personal data under Article 9 of the GDPR for the calculation of credit scores.

“Ensuring compliance with the principle of proportionality in the processing of personal data would also help protect consumers from being targeted at moments of vulnerability with unfair credit offers (for instance, high-cost payday loans),” the agency added.

The EDPS recommendations come after the European Commission has proposed revisions of two sets of EU rules on June 30, 2021, including an update to the EU’s older directive (2008/48/EC) on credit agreements for consumers.

Responding to a controversial IMF blog post

Of note is that while the EDPS recommendations touch on a large number of topics, the agency’s officials addressed the subject of using online browsing history for credit assessments for a reason.

Namely, the agency was addressing a controversial blog post from the International Monetary Fund, published last December, where IMF researchers argued that credit scores would be far more accurate if financial assessments would be enriched with nonfinancial data points, such as “the type of browser and hardware used to access the internet, the history of online searches and purchases.”

The IMF recommendation, which was universally panned and considered downright creepy, showed, however, the underlying fear of most of the banking sector—that they are losing ground to tech companies like Amazon, Facebook, and Google.

While the EDPS has no legislative role, the agency’s recommendations have been a major contributing factor to the core principles behind the EU General Data Protection Regulation (GDPR) and may signal that, at least the EU, is not ready for the surveillance nightmare future the IMF is apparently happy to embrace on behalf of its banking sector members.

The post EU agency advises against using search & browsing history for credit scores appeared first on The Record by Recorded Future.

Source: Read More (The Record by Recorded Future)

You might be interested in …

Daily NCSC-FI news followup 2020-04-17

China-linked Electric Panda hackers seek U.S. targets, intel agency warns www.politico.com/news/2020/04/16/china-electric-panda-hackers-seek-us-targets-191220 Nearly 40 U.S. contracting facilities with access to classified information have been targeted by a hacking group with suspected ties to the Chinese government since Feb. 1, according to a bulletin disseminated to contractors by the Defense Counterintelligence and Security Agency on Wednesday. Hacking […]

Read More

[HackerNews] Update Google Chrome ASAP to Patch 2 New Actively Exploited Zero-Day Flaws

All posts, HackerNews

Google on Thursday pushed urgent security fixes for its Chrome browser, including a pair of two new security weaknesses that the company said are being exploited in the wild, making them the fourth and fifth actively zero-days plugged this month alone. The issues, designed as CVE-2021-37975 and CVE-2021-37976, are part of a total of four patches, […]

Read More

[NCSC-FI News] Fake USA for UNHCR site wants your Ukraine donations in Bitcoin

There’s a spam campaign encouraging you to donate to or support Ukraine Source: Read More (NCSC-FI daily news followup)

Read More

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.