FinTech Belgium GDPR MeetUp - Daldewolf - 14/09/17
•Download as PPTX, PDF•
1 like•802 views
FinTech Belgium GDPR MeetUp - Daldewolf - 14/09/17 by Sari Depreeuw Hosted by KBC in Antwerp
Recommended
Recommended
More Related Content
Similar to FinTech Belgium GDPR MeetUp - Daldewolf - 14/09/17
Similar to FinTech Belgium GDPR MeetUp - Daldewolf - 14/09/17 (20)
More from Alessandra Gambrill - Guion
More from Alessandra Gambrill - Guion (14)
Recently uploaded
Recently uploaded (20)
FinTech Belgium GDPR MeetUp - Daldewolf - 14/09/17
- 1. “Computer says no” Profiling under the GDPR Sari Depreeuw Fintech Belgium Meetup Antwerp 14 September 1
- 2. Profiling & FinTech • Credit worthiness assessment: – Facebook profile – Cell phones use • Frequency text messages – too many texts => bad risk • Battery level – Low level => bad risk • Calls – Calls at night => credit worthy • Websites visits – gambling sites => credit worthy 2
- 3. Profiling & InsureTech • Car insurance – pricing – Facebook posts • short sentences, precise arrangement (set time and place to meet with friends >< “some time tonight”) → conscientious → score well • exclamation marks, « always » or « never » → overconfident → score poorly 3
- 4. Data – Purpose • Internet search and browsing history • Education and professional data • Financial and payment data • Driving and location data • Behaviour data gathered from mobile phones • Data derived from existing customer relationships • Social network information • Granting or refusing a loan • Tailoring conditions – Duration, interest rate, additional guarantees • Risk management • Fraud detection • Targeted advertising 4
- 5. Definition • Gathering data – Shared data – Inferred data • Assessing personal aspects in relation to a person • Analyse or predict behaviour – performance at work – economic situation – health – personal preferences and interests – reliability – behaviour – location or movements 5
- 6. Processing of personal data • Profiling => « processing » of « personal data » – Constitution of the profile – Applying profile to individual • GDPR applies – Legal basis – Principles of processing – Obligations for data controller! 6
- 7. Attention points • Decisions based solely on automated processing with legal or significant effect – Right not to be subject to automatic decision • Unless: contract or explicit consent right to human intervention – Information about logic, consequences • Sensitive data – Race, ethnicity, political opinion, religion, genetic, health, sex life,… – Inferred from non-sensitive data – Higher protection under the GDPR • Prohibition of discrimination on protected grounds – Race, ethnicity, gender, sexual orientation, religion,… – Direct and indirect discrimination prohibited 7
- 8. Reflexes • Legal basis – Consent not required in all cases – If sensitive data => consent required • Rights of data subjects – Proper information – Rectification of incorrect information (submitted or inferred) – Object to automated decision, direct marketing • Appropriate safeguards – « data protection by design » – Test impact on data subjects’ rights and freedoms – Avoid and correct errors – Minimise bias, exclude discrimination on protected grounds 8
Editor's Notes
- leeftijd, seksuele geaardheid, burgerlijke staat, geboorte, vermogen, geloof of levensbeschouwing, politieke overtuiging, [1 syndicale overtuiging]1 taal, huidige of toekomstige gezondheidstoestand, een handicap, een fysieke of genetische eigenschap, sociale afkomst;