https://therecord.media/eu-agency-advises-against-using-search-browsing-history-for-credit-scores/ * [matomo] [ ] [go] [PrimaryLog] * Leadership * Cybercrime * Nation-state * Government * People * Technology * About * Contact * [ ] [go] Subscribe to our newsletter [ ] [go] Subscribe EU agency advises against using search & browsing history for credit scores Image: The New York Public Library Catalin Cimpanu August 26, 2021 EU agency advises against using search & browsing history for credit scores Government News Privacy * * * * * Catalin Cimpanu August 26, 2021 * Government * News * Privacy * * * * * EU agency advises against using search & browsing history for credit scores The European Union's lead data protection supervisor has recommended on Thursday that personal data such as search queries & internet browsing history should not be used for the assessment of credit scores and creditworthiness. The recommendation comes from the European Data Protection Supervisor (EDPS), an independent agency attached to the EU that advises policymakers "on all matters relating to the processing of personal data." "[T]he EDPS considers that inferring consumers' credit risk from data such as search query data or online browsing activities cannot be reconciled with the principles of purpose limitation, fairness and transparency, as well as relevance, adequacy or proportionality of data processing. Therefore, the EDPS recommends explicitly extending the prohibition to search query data or online browsing activities," the EDPS said in a document published on Thursday. In addition, the agency advises that providers of financial and credit services should also not be allowed to use health data, such as cancer data, as well as any special category of personal data under Article 9 of the GDPR for the calculation of credit scores. "Ensuring compliance with the principle of proportionality in the processing of personal data would also help protect consumers from being targeted at moments of vulnerability with unfair credit offers (for instance, high-cost payday loans)," the agency added. The EDPS recommendations come after the European Commission has proposed revisions of two sets of EU rules on June 30, 2021, including an update to the EU's older directive (2008/48/EC) on credit agreements for consumers. Responding to a controversial IMF blog post Of note is that while the EDPS recommendations touch on a large number of topics, the agency's officials addressed the subject of using online browsing history for credit assessments for a reason. Namely, the agency was addressing a controversial blog post from the International Monetary Fund, published last December, where IMF researchers argued that credit scores would be far more accurate if financial assessments would be enriched with nonfinancial data points, such as "the type of browser and hardware used to access the internet, the history of online searches and purchases." The IMF recommendation, which was universally panned and considered downright creepy, showed, however, the underlying fear of most of the banking sector--that they are losing ground to tech companies like Amazon, Facebook, and Google. While the EDPS has no legislative role, the agency's recommendations have been a major contributing factor to the core principles behind the EU General Data Protection Regulation (GDPR) and may signal that, at least the EU, is not ready for the surveillance nightmare future the IMF is apparently happy to embrace on behalf of its banking sector members. * * * * * Tags * browsing history * data protection * EDPS * European Union * GDPR * privacy * search query * social media * surveillance Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers. Previous article Next article IronNet closes merger, becomes public company Ragnarok ransomware operation shuts down and releases free decrypter Briefs * DOJ launches program to train prosecutors in cybersecurity topics August 27, 2021 * IronNet closes merger, becomes public company August 27, 2021 * Ragnarok ransomware operation shuts down and releases free decrypter August 26, 2021 * WhatsApp, Facebook, and Twitter fined for not storing user data inside Russia August 26, 2021 * What did the White House and U.S. tech giants pledge to do on cyber, exactly? August 26, 2021 * Facebook will let bug hunters submit joint reports August 25, 2021 * Scammers steal $2.3 million from small US town August 25, 2021 * U.S. announces cyber deals with Singapore as Washington looks to counter Beijing August 23, 2021 * Firefox follows Chrome and prepares to block insecure downloads August 23, 2021 * New LockFile ransomware gang weaponizes ProxyShell and PetitPotam attacks August 22, 2021 * Cloudflare says it mitigated a record-breaking 17.2M rps DDoS attack August 19, 2021 * Cisco: Security devices are vulnerable to SNIcat data exfiltration technique August 18, 2021 [PrimaryLog] * * * * * Contact * About Us * Privacy Policy (c) Copyright 2021 | The Record by Recorded Future