Best Lawyers® — 20/02/2018 at 16:00

Social Media and Data Privacy Challenges Associated with Financial Technology (FinTech) Innovation



FinTech and Its Impact in the U.K. Market

FinTech companies use finance and technology in efficient ways that will disrupt traditional financial models used in financial services. The U.K. FinTech industry is experiencing tremendous growth, and according to the U.K. government, the FinTech sector generated around £6.6 billion in revenue in 2015 with a workforce of over 60,000, meaning that more are employed in U.K. FinTech firms than in FinTech firms based in Singapore, Hong Kong, and Australia combined.

FinTech Solutions Using Social Media

Crowdfunding can be used by FinTech firms to provide an alternative to conventional bank loans by raising funds from a large number of people (thousands or millions in some cases), usually investing modest amounts of money; for example, Mondo Bank raised £1 million in 96 seconds, attracting 1,861 investors who each invested an average of £542 and who share a 3.33 percent equity in the challenger bank.

Crowdfunding firms may collect, aggregate, and exploit big data analytics, including social media data, to evaluate factors that determine eligibility for loans, such as fraud, risk,credit worthiness, occupation, and salary.

Kreditech is an online FinTech company based in Hamburg, Germany, that offers loans to individuals with thin credit files (little or no credit history). The firm employs algorithms that analyze big data using unconventional behavioral patterns as predictive indicators when determining the creditworthiness of individuals or the likelihood of defaulting loan repayments. The analysis also looks at information from social media sites such as Facebook and Twitter and analyzes the sophistication of the language the borrower employs and whether they have friends that have borrowed and repaid loans from the company. However, if the consumer does not wish to share their social media profile, they will not automatically disqualify them.

Article 4(11) GDPR: Consent

Crowdfunding firms that operate data platforms are required to comply with the provisions of Article 4(11) of the GDPR, meaning they should obtain consent from the data subject, which must be given freely, specific, informed, and unambiguous so as to signify agreement to the processing of personal data relating to the data subject.
What does this mean for crowdfunding firms who analyze social media data as part of a loan application? In simple terms, if the data subject (borrower) does not wish to share their social media profile, then the crowdfunding firm should not assume that because an individual’s social media profile is “publicly” available they are authorized to process that data as part of a loan application. For example, under Facebooks’ data policy, the data subject may wish to share their information with public audiences. This public information is available to anyone, whether or not they use Facebook services and can be seen or accessed through online search engines. However, if the data subject has informed the crowdfunding firm not to use their social media data, then this must be adhered to, regardless of their profile being public.

Recital 43 GDPR: Consent and Position of Bargaining Power

Recital 43 stipulates that in order for consent to be freely given, “[c]onsent should not provide a valid legal ground for the processing of personal data in a specific case where there is a clear imbalance between the data subject and the controller … Consent is presumed not to be freely given if the performance of a contract, including the provision of a service, is dependent on the consent despite such consent not being necessary for such performance.”

As a result, FinTech lenders that employ algorithms to analyze the sophistication of the language used on social media profiles should not enforce a provision of service on condition that consent is given by the data subject to share their social media profile, particularly when other forms of data can be analyzed for the performance of a contract. In this circumstance, the exclusion of social media data should not result in the data subject being unfairly denied credit or saddled with higher interest rates. However, the data subjects are usually not in a bargaining position to negotiate the high interest rates as they are typically deemed high-risk applicants as they have poor or no credit history and might feel compelled to agree to their social media data being processed.

The use of social media may be an efficient and unique phenomenon for alternative creditworthiness checks. However, as the use of this trend increases in Europe and the U.S., caution will need to be exercised as the purpose of social media sites is for users to freely write or communicate their ideas, opinions, share photographs, etc., and this benefit could be countermanded due to fact that the sophistication of language may be scrutinized by the FinTech lenders, which may compel the social media users to use grammar that may conflict with their original intention of using a social media account (e.g., for “recreational” use only).

Michael Brown is a data protection practitioner focused on FinTech and financial services firms. He started his professional career 29 years ago and obtained his information technology Master of Laws (LL.M.) degree from the University of Edinburgh. He can be reached at

Find this great article on

Uber's Insurance Gap
Social Media - Friend or Foe?
Know Your Objectives Before Negotiations Start
South African “Law Firm of the Year”: Norton Rose Fulbright

Leave a Reply

— required *

— required *