Instagram-lending ban is EU's first attempt to curb Big Tech finance moves

A ban on EU lenders using social-media data to check borrowers’ ability to repay loans appears to be one of the first legislative attempts from Brussels to respond to the incursion of Big Tech companies and artificial intelligence techniques into finance.

Consumer credit proposals published today by the European Commission respond to increasing concerns that companies like Google or Facebook could move into lending or insurance, using direct client access and vast stores of personal data to upend the traditional financial sector.

EU laws require lenders to check that customers can afford to repay - an obligation that the new directive would extend to more kinds of loans, including smaller payday lending. But regulators don’t want those checks to operate via big-data profiling of sensitive information, nor by more casual glances at a social media page.

“Personal data found on social media platforms or health data, including cancer data, should not be used when conducting a creditworthiness assessment,” the legislation published today said. That text is in a recital, which forms part of the text of the law but isn't itself legally binding.

Selfies

An Instagram feed mainly filled with selfies from the casino might send a warning signal that a client is a credit risk. But the law urges lenders to stick to more traditional ways of determining financial responsibility, like payslips and information on expenses, as set out in European Banking Authority guidelines.

While the consumer credit directive doesn't apply to home loans, restrictions on the use of health information would certainly pose a problem in markets like insurance or mortgages, where detailed checks on health status and related habits like smoking form an integral part of vetting procedures.

The commission appears to be responding to pressure from the lawmakers in the European Parliament’s biggest, center-right, political grouping, who have taken up the cause of cancer patients who found themselves blocked from essential financial services like loans and life insurance.

Big Data

An EBA report last year found that banks are, at present, largely shunning the use of social-media information as too patchy and unreliable. But, the watchdog warned, social media and mobile phone activity are becoming an increasingly popular source of input data for machine-learning tools.

That, too, is something regulators are wary about. EU data-protection rules contain a general bar on profiling - or automated decision-making that affects people in a legally significant way. Under the new proposals, lenders would have to disclose if they’ve used profiling in their decisions, explain how they've arrived at the result, and give the customer a chance to object.

The proposal also fits nicely with the commission's framework for AI regulation, which bans certain practices, such as systems that allow "social scoring" by governments and "real-time" use of facial recognition by law enforcement authorities.

In a consultation published in February, the commission set out its fears that - ironically - the arrival of tech giants could cause both more concentration, and more fragmentation, with huge online platforms potentially offering a vast range of financial services. That would pose a challenge for traditional financial regulation, which focuses on regulating individual institutions providing distinct services such as lending, insurance or investment.

Aside from a commission proposal to regulate virtual currencies known as "stablecoins" - clearly targeted at initiatives like the Diem payments service backed by Facebook and other industry players - there has been little to show in terms of detailed regulatory response to those concerns.

The humble area of consumer credit - which, unlike other financial laws, is led by the commission’s justice department, also responsible for data protection rules - may prove to be the testing ground.

* Additional reporting by Matthew Newman.