Big Data and Financial Services: Are European Privacy and Information Security Hindering Innovation?

Vol. 41 No. 4


Richard Graham ( is a partner practicing in the London office of Edwards Wildman. He was assisted in the preparation of this article by Adam Lewington, trainee solicitor at Edwards Wildman.


We are currently witnessing a wave of technological developments relating to the collection, storage, aggregation, and processing of financial services data. “Big Data” refers to mass repositories of data that can be collected across multiple platforms, in multiple jurisdictions, and in multiple languages. “Big Data” has been coined to cover the analysis of these data, and the results of predictive analytics are being used to improve competitiveness, promote innovation and growth, and contribute towards improved profitability in the financial services sector. The Big Data revolution has been facilitated by quantum improvements in high-performance computing, including the ever-increasing use of cloud computing, and software interoperability. The volume of data is generally too large for standard database software to effectively structure, manage, and analyze, and in some cases it has been necessary for banks or insurance organizations to take these data outside the corporate wall to benefit from new, innovative analytical solutions.

However, against the background of this technological innovation sit numerous legal and operational concerns. In Europe, the evolving data protection, privacy, and information security laws present a real challenge to Big Data for financial services organizations. Yet this challenge is not the only threat to Big Data. Both Basel III (the Revised International Capital Framework by the Basel Committee on Bank Supervision) and Solvency II (Directive 2009/138/EC, which codifies and harmonizes EU insurance regulation) place significant requirements upon organizations requiring effective systems and controls to be implemented and maintained. In fact, the increased regulatory scrutiny that we have witnessed over the last five years has resulted in the supervision of the way financial services organizations work with their data. The challenge for those wishing to exploit Big Data will be to use the available information to the fullest extent possible, while at the same time meeting the increased demands placed upon them by the regulators and adhering to a compliant risk-reporting framework.

The Exponential Growth in Business Data

The McKinsey Global Institute predicted in its report, Big Data: The Next Frontier for Innovation, Competition, and Productivity, a 40 percent projected global growth in data being generated each year. Indeed, the sheer volume of data being created is simply too much to be retained and much of it is currently being deleted. Individuals are adding to these data through their increased use of technology, including through the use of smartphones and social media platforms. We are also living in a world where the “Internet of Services” has become a reality, with networks pulling data from objects, including smart meters, transport applications, and retail devices. The next challenge will be to understand how to interpret and analyze these data in a meaningful way without encountering and falling foul of technological, legal, or regulatory barriers.

The explosion in online behavioral advertising serves as an example of the value of Big Data in business analytics, and both Google and Facebook use their data to produce detailed targeted analytics for marketing purposes. Healthcare providers have also been making use of their datasets, for example, to enhance the development of new medicines or spot relationships between data that were otherwise hidden among the sheer volume of data. In the financial services sector, MasterCard and Visa have also led the way in identifying a market for analyzing credit card purchases to target advertisements and create profiles for individuals by pooling different datasets.

The McKinsey Global Institute states that the use of Big Data could be worth up to $300 billion per annum to the U.S. healthcare sector and €250 billion per annum to the European public-sector administration. The financial services sector is positioned to benefit very strongly from Big Data as long as barriers to its use can be overcome. Business data have therefore now become a significant corporate asset, though many organizations are only just beginning to recognize their importance.


Big Data and Financial Services

Big Data is now seen as a real opportunity for financial services organizations, which have increased their ability to analyze historic and real-time data at a granular level. In the banking sector, the interrogation by banks of their underlying data will help design innovative financial products and help develop predictive models or credit risk reports. It can help improve internal performance and competitiveness and therefore improve profitability. Big Data analytics also helps banking institutions understand their customers, particularly where their customers interact with them through their branch networks and Internet or mobile app platforms. This can help identify customer behavior patterns and support customer conversion.

In the insurance sector, the potential of Big Data is similarly far-reaching. In the United Kingdom, the Automobile Association announced in 2012 that it was introducing a new networked product that allows it to track drivers’ speed, types of road traveled on, time of day and night of driving, and braking and cornering. This information is collected by satellite and used to determine a relevant driver’s insurance premium. The growth of real-time location data like these is allowing new business models to be created. Service providers to the insurance sector are also developing catastrophe models and other risk models based entirely on the information they have mined from Big Data.

Insurers are also now able to use data from a variety of different sources to effectively tailor products with appropriate premiums based on a clearer understanding of the underlying risk. Insurers have also indicated that Big Data may play a role in preventing insurance fraud and processing insurance claims. In particular, Big Data gathered from claims and associated datasets can help contribute to the expertise for processing any subsequent similar claims. This can also be fed back into the system to help determine underwriting decisions and contribute towards a more efficient product design.

Big Data therefore provides enhanced predictive analytics for financial services organizations. This process has evolved, with Big Data becoming the next stage in that evolution. Today, data analytics uses additional information such as credit scores or local economic conditions that may be relevant. This information is then used to develop a predictive model that determines trends and relationships. It does not have to be sourced from traditional providers, and third-party information, such as environmental information or social media data, can be added to the analysis.


European Privacy and Information Security Issues

European privacy and information security laws do represent a real threat to Big Data innovation, as they present barriers to moving data from legacy systems to new cloud-based platforms and therefore give rise to the accompanying risks associated with hosting data outside the corporate wall.


Data Protection and Privacy

There are numerous data protection and privacy issues to consider when undertaking any form of Big Data analytics, particularly in the European Union. In general, regulatory requirements dictate that personal data must be processed for specified and lawful purposes and that the processing must be adequate, relevant, and not excessive. The impact of these principles for financial services organizations looking to undertake data mining on their business data is significant, with individuals being able to ask financial services organizations to remove or refrain from processing their personal data in certain circumstances. This requirement could lead to increased costs for financial services organizations as they deal with individuals’ requests. This removal of data may also lead to the dataset available to financial services organizations being skewed, as certain groups of people will be more active and aware of their rights than others.

The European Commission published its proposed General Data Protection Regulation on January 25, 2012. The Regulation strengthens existing rights, such as the requirement to obtain explicit consent, and introduces new rights and concepts, such as privacy by design, data portability, and the right to be forgotten. All of these rights present a challenge for Big Data innovation, as a large part of the success of Big Data has been that it allows the analysis of mass quantities of data collected over years. Any restrictions on the ability to retain and use any of these data will present a challenge to the underlying purposes of Big Data.


Information Security and Data Breaches

Information security relates to the availability, confidentiality, and integrity of data. A fundamental cornerstone of any Big Data solution will be the requirement that the data are kept secure and protected against unauthorized or unlawful processing and accidental loss or destruction of, or damage to, the data. Weaknesses in information security have become a fundamental threat to the success of new cloud-based solutions. The growth in cybercrime and the increase in data breaches now mean that businesses must invest significantly in secure platforms. In particular, financial services organizations will need to make sure that they protect any of their customers’ personal information, especially if they intend to provide a third party with data for analysis. Where a third party is processing data on a financial services organization’s behalf, it is the duty of the financial services organization to make sure that the data processor provides sufficient guarantees regarding the security measures in place. The concept of “data security” includes data lost through human error, inappropriate access, technical failure, and acts of God such as fires and flooding. Recently, in the United Kingdom, we have seen the Financial Services Authority impose substantial fines on businesses for breaches in their data security.

There is a growing movement across the globe to ensure that effective data-breach-notification regimes are in place. One of the biggest risks associated with Big Data arises when a data breach occurs. The consequential costs include both the direct cost of immediate investigation, response and notification, and the indirect and long-term costs of reputation damage and business interruption. There will also be costs to third parties whose identities and other personal information have been appropriated and used to their financial detriment. The negligence attributable to the breach could lead to substantial litigation costs. Therefore, serious consideration and management of risk must be taken into account by financial services organizations when considering the cost of dealing with data breaches in circumstances where the transfer of data outside of the corporate network increases the risk of data breaches occurring.


Other Barriers

Privacy and information security laws are not the only threat to Big Data innovation. There are also a number of legal and operational barriers, including issues arising out of the ownership and licensing of intellectual property rights, confidentiality, and regulatory requirements imposed by supervisory authorities. There are also risks associated with the potential liability for relying on Big Data analytics based on improperly appropriated information, in addition to other constraints imposed by the ability of the existing technological solutions to meet the specific requirements of the data holder.


Intellectual Property Rights

Data analytics or data mining will often involve the wholesale copying of information or databases, all of which will be protected by intellectual property rights in relevant jurisdictions. It will be important for financial services organizations undertaking data analytics to ensure that they have the necessary rights to undertake the relevant processing. This type of legal barrier has traditionally been less of an issue for financial services organizations processing internal business data. However, in the increasingly connected world, financial services organizations are now adding third-party data as part of their analytics. There are complicated issues arising out of “fair use” or “fair dealing” of copyrighted work, and this is a common area where technology is regularly in conflict with the law. Financial services organizations therefore need to be aware of, and careful about their use and distribution of, intellectual property.


Confidentiality and Regulatory Requirements

There will also be confidentiality and regulatory issues to address when undertaking Big Data analytics. Any information that relates to a third party that is subject to Big Data analytics is likely to be confidential information. Financial services organizations will therefore need to ensure that they comply with their obligations and that any use of such data does not give rise to a breach of their confidentiality or regulatory obligations. The furor around insurance organizations selling the personal details of customers to claims-management companies serves as an example of the issues faced by insurance companies trying to obtain value from their underlying business data. Moving forward, Basel II and Solvency II place significant requirements on the systems and controls in place. Solvency II, for example, requires that every relevant insurer will be required to have an effective system of governance, which provides for the sound and prudent management of its business. Any Big Data analytical solution will have to adhere to this effective system of governance in order to improve transparency and auditability and allow for an executive oversight of risk.


Liability Issues

There is a clear opportunity for Big Data to allow financial services organizations to improve their various models and make significant financial savings by gaining an advantage over their competitors and improving their own pricing models. However, there is the danger of misinterpreting the information produced and liability may arise where reliance is placed on that information. It has been suggested that simply because Big Data contains an enormous amount of information does not mean that it reflects a representative sample of the population. This is a factor that financial services organizations will have to take into account when looking at using Big Data in analytical models and ensuring that any reliance placed upon the output comes with relevant disclaimers attached.


Technology Solutions

One of the biggest traditional barriers to Big Data innovation was the inability of technology to meet the requirements of the business for undertaking data analytics. As business data have exponentially increased, it became clear that existing technological solutions were inadequate to undertake business analytics effectively. As any chief information officer of a financial services organization will tell you, business data are held on numerous legacy information technology systems with a variety of interfaces and differing information standards or formats. The cost of migrating these data to new systems is significant, and the risk of loss, damage, or destruction is extremely high. However, as new technology develops and software interoperability improves, the ease of consolidating these data into one structured database has improved significantly. We are therefore at the stage where technology is no longer presenting a major barrier to innovation.


The Road to Recovery

It is clear that Big Data presents an opportunity for the financial services sector to increase competitiveness and promote innovation and growth. The underlying information derived from Big Data analytics also has the power to improve decision making and contribute to a more efficient product design. It will therefore be important for all those in the financial services sector to understand these opportunities to secure their competitive edge. There are a number of barriers to overcome when dealing with Big Data solutions, and while some of these relate to privacy and information security, there are also wider legal and regulatory issues to consider. However, as long as the risks are understood and proactive procedures are implemented to address them, there should be an exciting future for Big Data innovation in the financial services sector.


Fall 2017 Spring Meeting
2017 Eurpoe Forum
2017 Fall Meeting



  • Call for Articles

  • Contact Us

  • International Law News


  • Editor-in-Chief

  • Deputy Editors

  • Sample Issues