General Data Protection Regulation

Joint Committee of ESAs Final Report on Use of Big Data by Financial Institutions


On March 15, 2018, the Joint Committee of the European Supervisory Authorities (“ESA“) published its final report, together with a factsheet, on the use of big data by financial institutions (JC/2018/04). The report is available here and the factsheet here.

Chapter 4 of the report contains a feedback statement summarizing the responses received. Among other things, respondents expressed concerns about practices that do not guarantee the accuracy of the data collected and the potential consequences of the increasing level of segmentation of customers enabled by big data. They also warned that consumers may not be fully aware of big data tools being used and that the growing use of big data could increase the risk of harm from cyberattacks.

The ESAs consider that the requirements in sectoral financial legislation and in legislation relating to data protection, cybersecurity and consumer protection mitigate the risks identified by the ESAs. This framework will be further strengthened with the entry into application of several key pieces of legislation in the financial sector and the General Data Protection Regulation ((EU) 2016/679) (“GDPR“). The ESAs intend to monitor the extent to which these requirements contribute to mitigate big data risks.

The ESAs invite financial institutions to develop and implement good practices on the use of big data to promote a fair, transparent and nondiscriminatory treatment of consumers and to ensure that big data strategies are designed in a responsible way and are fully aligned with the interests of consumers. The ESAs suggest an indicative list of arrangements and behaviors concerning:

  • Robust big data processes and algorithms relating to the monitoring of the functioning of big data procedures and methodologies.
  • Consumer protection. Among other things, the ESAs suggest firms should periodically assess whether big data-based products and services are aligned with consumers’ interests.
  • Disclosures on the use of big data, relating to firms’ transparency toward customers concerning the use of big data technologies to process their data.