The European Banking Authority (EBA) has published a report setting out its conclusions following an assessment of innovative uses of consumer data by financial institutions. The report looks at both risks and potential benefits of this innovation and identifies a number of requirements under EU law applying to financial institutions, which mitigate many of the risks identified by the EBA.

The EBA notes that the General Data Protection Regulation provides a comprehensive legal framework on the processing of personal data applicable to all providers that process personal data of EU individuals, and financial institutions are expected to take all necessary measures to comply with its provisions by the date of its application (25 May 2018). The EBA, therefore, concludes in the report that no additional industry-specific legislative interventions are required at this stage, but, given the growth potential of this innovation, it will continue to monitor its evolution.

View EBA publishes report on consumer data and identifies a number of applicable requirements under EU law, 28 June 2017