Page 26 - FIGI - Big data, machine learning, consumer protection and privacy
P. 26

bureaus may nevertheless find themselves subject to   agency” under the FCRA,  and was liable to him for
                                                                                     114
            legal obligations that apply to traditional credit refer-  having supplied incorrect information. The case was
            ence bureaus. In some cases, such companies could   resolved on other grounds, but the potential breadth
            find themselves subject to claims for failure to supply   of such legacy legislation poses challenges for firms
            accurate information that has a bearing on a person’s   operating in the  data  business. It may  give rise to
            credit worthiness.                                 responsibilities to consumers for accuracy of data
               Many countries recognise a public interest in   used to make credit and other decisions that were
            ensuring “fair and accurate credit reporting,” as for-  not anticipated, weaken legal certainty and under-
            mulated in the US, for example.  This both benefits   mine business innovation and investment.
                                        108
            the functioning of financial services markets and pro-
            tects consumers. For this reason, consumer reporting   Credit reporting requirements and the wider
            agencies whose data are used for credit transactions,   information ecosystem
            insurance, licensing, consumer-initiated business   The discussion above concerned the responsibilities
            transactions, and employment are often regulated. 109  to consumers that firms may have when dealing with
               However, many countries’ consumer reporting     data in non-traditional ways, in particular regarding
            laws were enacted before the advent of the inter-  the accuracy of data they use for decisions in finan-
            net, let alone big data and machine learning. Some   cial services. A related question arises concerning
            countries have a broader concept of consumer       firms’ responsibility to contribute to the wider infor-
            reporting agencies. In the US, for example, the Fair   mation ecosystem that is traditionally regulated by
            Credit Reporting Act (FCRA) applies to companies   disclosure and reporting obligations.
            that regularly disseminate information bearing on an   Disclosure obligations arise in numerous contexts,
            individual’s “credit worthiness, credit standing, credit   whether due to securities laws requirements appli-
            capacity, character, general reputation, personal char-  cable to public companies, health and safety disclo-
            acteristics, or mode of living.”  The FCRA requires   sures for medicines, or consumer products that pose
                                       110
            consumer reporting agencies to “follow reasonable   particular risks. In the financial services context, for
            procedures to assure maximum possible accuracy”    example, a person’s credit history is useful data for a
            of consumer reports; to notify providers and users of   financial service provider, reducing the asymmetry of
            consumer information of their responsibilities under   information between lender and borrower. In order
            the Act; to limit the circumstances in which such   to improve competition among service providers
            agencies provide consumer reports “for employment   that hold such data and the functioning of financial
            purposes”; and to post toll-free numbers for consum-  markets, some financial service providers are often
            ers to request reports. It also creates liability for fail-  required to report credit data about consumers to
            ure to comply with these requirements.             consumer  reporting  organizations  which  organize
                                               111
               In a 2016 report, the US consumer agency, the Fair   and make it available to the market as a whole.
            Trade Commission (FTC), considered how big data      In many countries, only banks (i.e., entities that
            is used in credit reporting decisions.  The FTC clar-  are regulated, typically with banking licences, for
                                            112
            ified that data brokers that compile “non-traditional   deposit taking, lending and other related activities)
            information, including social media information” may   are required to report to credit reference bureaus
            be considered to be credit reporting agencies sub-  for inclusion in the credit reference bureau’s records
            ject to these obligations.                         and  analytics.  Today,  the  question arises  whether
               This is not a mere theoretical possibility. For   non-banking financial service providers that rely on
            instance, in  the recent US  Supreme  Court case   automated decisions using alternative data to profile
            Spokeo v Robins,  Spokeo operated a website which   risk should be obligated to report the results of such
                           113
            searched and collected data from a wide range of   lending to credit reference bureaus as well.
            databases. It provided individuals’ addresses, phone   Some consider that alternative lenders should be
            numbers, marital status, approximate ages, occupa-  required to supply credit data to credit reference
            tions, hobbies, finances, shopping habits and musical   bureaus about a consumer’s loan that is successfully
            preferences and allowed users to search for infor-  repaid (positive reporting data) as well as where the
            mation about other individuals. The plaintiff, Robins,   consumer defaults on the loan (negative reporting
            alleged that Spokeo incorrectly described him as a   data).  Doing so may provide a more “level playing
                                                                    115
            wealthy, married professional, resulting in him being   field” of regulatory obligations for similar activities
            adversely perceived as overqualified for jobs. Rob-  (lending) rather than applying different regulatory
            ins claimed that Spokeo was a “consumer reporting   obligations depending on the type of entity (a bank



           24    Big data, machine learning, consumer protection and privacy
   21   22   23   24   25   26   27   28   29   30   31