2. Profiling & FinTech
• Credit worthiness assessment:
– Facebook profile
– Cell phones use
• Frequency text messages
– too many texts => bad risk
• Battery level
– Low level => bad risk
• Calls
– Calls at night => credit worthy
• Websites visits
– gambling sites => credit worthy
2
3. Profiling & InsureTech
• Car insurance – pricing
– Facebook posts
• short sentences, precise arrangement
(set time and place to meet with friends ><
“some time tonight”)
→ conscientious → score well
• exclamation marks, « always » or « never »
→ overconfident → score poorly
3
4. Data – Purpose
• Internet search and
browsing history
• Education and professional
data
• Financial and payment
data
• Driving and location data
• Behaviour data gathered
from mobile phones
• Data derived from existing
customer relationships
• Social network information
• Granting or refusing a
loan
• Tailoring conditions
– Duration, interest rate,
additional guarantees
• Risk management
• Fraud detection
• Targeted advertising
4
5. Definition
• Gathering data
– Shared data
– Inferred data
• Assessing personal aspects in relation to a person
• Analyse or predict behaviour
– performance at work
– economic situation
– health
– personal preferences and interests
– reliability
– behaviour
– location or movements
5
6. Processing of personal data
• Profiling => « processing » of « personal
data »
– Constitution of the profile
– Applying profile to individual
• GDPR applies
– Legal basis
– Principles of processing
– Obligations for data controller!
6
7. Attention points
• Decisions based solely on automated processing with legal or
significant effect
– Right not to be subject to automatic decision
• Unless: contract or explicit consent
right to human intervention
– Information about logic, consequences
• Sensitive data
– Race, ethnicity, political opinion, religion, genetic, health, sex life,…
– Inferred from non-sensitive data
– Higher protection under the GDPR
• Prohibition of discrimination on protected grounds
– Race, ethnicity, gender, sexual orientation, religion,…
– Direct and indirect discrimination prohibited
7
8. Reflexes
• Legal basis
– Consent not required in all cases
– If sensitive data => consent required
• Rights of data subjects
– Proper information
– Rectification of incorrect information (submitted or inferred)
– Object to automated decision, direct marketing
• Appropriate safeguards
– « data protection by design »
– Test impact on data subjects’ rights and freedoms
– Avoid and correct errors
– Minimise bias, exclude discrimination on protected grounds
8
leeftijd, seksuele geaardheid, burgerlijke staat, geboorte, vermogen, geloof of levensbeschouwing, politieke overtuiging, [1 syndicale overtuiging]1 taal, huidige of toekomstige gezondheidstoestand, een handicap, een fysieke of genetische eigenschap, sociale afkomst;