Automated individual decision-making and profiling–WP251: EBF comments on the Article 29 Working Party guidelines
EBF advisor: Hélène Benoist
Publication date: 28 November 2017
Automated decision-making can be beneficial to individuals and society: It is important to keep in mind that human decisions are often biased and automated decision-making can therefore help make fairer and more accurate decisions. It is important that the profiling and automated decision-making regulatory framework as a whole puts in place appropriate safeguards without blocking the legitimate and socially beneficial uses of these techniques.
Focus on the “right not to be subject to automated decision-making” in line with the GDPR instead of full prohibition: The EBF fully supports the objectives of the GDPR to increase transparency around personal data processing and to give data subjects more control over their data. However, the WP29’s interpretation of Article 22(1) as a full prohibition is going further than what is prescribed by the GDPR which grants data subjects the right not to be subject to a decision based solely on automated processing of personal data.
Protect consumers and ensure compliance with existing legal and supervisory requirements: In financial services, profiling may be used among other things with the view to protect consumers and comply with regulatory/supervisory requirements imposed on the banking sector, such as the Anti-Money Laundering Directive (AMLD) to detect and prevent fraud, terrorism financing or other criminal activity; the Markets in Financial Instruments Directive (MiFID); the Consumer Credit Directive (CCD) or the Mortgage Credit Directive (MCD) with the aim to ensure responsible lending and that individuals do not become over-indebted; it could help the bank to make risk models or to manage the firm’s overall financial position.
Propose only examples reflecting the general practice of the industry: Although we appreciate the efforts of the WP29 to provide clarity and reassure stakeholders of their rights, we believe some of the examples provided do not reflect the general practice of the banking sector but represent more marginal examples. This approach could be misleading and could lead data subjects to make false assumptions about their banks. We thus offer changes and amendments to highlight more effectively the potential (and, in many cases, already existing) benefits of automated decision-making and profiling in relation to the financial industry.
Importance to ensure consistency between the approach undertaken by the WP29 and the existing EU/national legislation. The Guidelines should clarify that uses of automated decision-making for compliance with rules and guidance set by a regulatory authority are considered to be ‘authorised’. It is important to ensure full consistency with the approach adopted by other regulatory/supervisory bodies, authorities or agencies.
Continuing the #EBFCloud17 debate at the Cloud Stakeholder meeting @EuropeanCommission: banks are more than ready to adopt full-fledged cloud solutions with clear rules on #portability #certification #security