[TheRecord] EU agency advises against using search & browsing history for credit scores

The European Union’s lead data protection supervisor has recommended on Thursday that personal data such as search queries & internet browsing history should not be used for the assessment of credit scores and creditworthiness.

The recommendation comes from the European Data Protection Supervisor (EDPS), an independent agency attached to the EU that advises policymakers “on all matters relating to the processing of personal data.”

“[T]he EDPS considers that inferring consumers’ credit risk from data such as search query data or online browsing activities cannot be reconciled with the principles of purpose limitation, fairness and transparency, as well as relevance, adequacy or proportionality of data processing. Therefore, the EDPS recommends explicitly extending the prohibition to search query data or online browsing activities,” the EDPS said in a document published on Thursday.

In addition, the agency advises that providers of financial and credit services should also not be allowed to use health data, such as cancer data, as well as any special category of personal data under Article 9 of the GDPR for the calculation of credit scores.

“Ensuring compliance with the principle of proportionality in the processing of personal data would also help protect consumers from being targeted at moments of vulnerability with unfair credit offers (for instance, high-cost payday loans),” the agency added.

The EDPS recommendations come after the European Commission has proposed revisions of two sets of EU rules on June 30, 2021, including an update to the EU’s older directive (2008/48/EC) on credit agreements for consumers.

Responding to a controversial IMF blog post

Of note is that while the EDPS recommendations touch on a large number of topics, the agency’s officials addressed the subject of using online browsing history for credit assessments for a reason.

Namely, the agency was addressing a controversial blog post from the International Monetary Fund, published last December, where IMF researchers argued that credit scores would be far more accurate if financial assessments would be enriched with nonfinancial data points, such as “the type of browser and hardware used to access the internet, the history of online searches and purchases.”

The IMF recommendation, which was universally panned and considered downright creepy, showed, however, the underlying fear of most of the banking sector—that they are losing ground to tech companies like Amazon, Facebook, and Google.

While the EDPS has no legislative role, the agency’s recommendations have been a major contributing factor to the core principles behind the EU General Data Protection Regulation (GDPR) and may signal that, at least the EU, is not ready for the surveillance nightmare future the IMF is apparently happy to embrace on behalf of its banking sector members.

The post EU agency advises against using search & browsing history for credit scores appeared first on The Record by Recorded Future.

Source: Read More (The Record by Recorded Future)

You might be interested in …

[ThreatPost] NPM Package Steals Passwords via Chrome’s Account-Recovery Tool

All posts, ThreatPost

In another vast software supply-chain attack, the password-stealer is filching credentials from Chrome on Windows systems. Source: Read More (Threatpost)

Read More

[HackerNews] Ransomware Gang Leaks Metropolitan Police Data After Failed Negotiations

All posts, HackerNews

The cybercrime syndicate behind Babuk ransomware has leaked more personal files belonging to the Metropolitan Police Department (MPD) after negotiations with the DC Police broke down, warning that they intend to publish all data ransom demands are not met. “The negotiations reached a dead end, the amount we were offered does not suit us, we […]

Read More

Daily NCSC-FI news followup 2019-08-31

VLAN as an additional security layer www.kaspersky.com/blog/vlan-security/28253/ Every company has employees who handle large volumes of external e-mail. HR officers, PR managers, and salespeople are a few common examples. In addition to their regular mail, they receive a lot of spam, phishing messages, and malicious attachments. Moreover, the nature of their work requires them to […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.