NewYorkUniversity
LawReview

Issues

Author

Vlad A. Hertza

Results

Fighting Unfair Classifications in Credit Reporting: Should the United States Adopt GDPR-Inspired Rights in Regulating Consumer Credit?

Vlad A. Hertza

Access to consumer credit is essential to accumulate wealth. The use of big data and machine learning in assessing creditworthiness can be a great opportunity to generate more accurate credit reports and improve access to credit. However, so far, lenders have used big data and machine learning to generate profits, developing algorithms that unfairly classify consumers. Racial and other protected minorities are disproportionately affected by these practices. Consumer credit is regulated in the U.S. mainly under the Fair Credit Reporting Act (FCRA) and the Equal Credit Opportunities Act (ECOA). These statutes are inadequate to regulate lenders, credit reporting agencies (CRAs), and data brokers which use big data and machine-learning algorithms to assess consumers’ creditworthiness. Noticing recent international developments, this Note proposes the General Data Protection Regulation (GDPR), an industry-agnostic data privacy law passed by the European Union (EU), as a model for consumer credit reform. Concretely, the Note proposes expanding consumer credit regulation from CRAs to all actors involved in the processing of consumer data, as well as granting consumers the right to access their data, have it corrected, moved to a different processor, or erased. Furthermore, these rights should be backed by the recognition of a property-like interest in personal data. Part I describes the prevailing use of big data and machine learning in consumer credit, exposing some of the major issues of the consumer credit industry. The Part ends with an overview of the current regulatory regime. Part II explores how the use of big data and machine learning erodes consumer protections, showing how the current regulatory regime fails to adequately protect consumers. Part III introduces the GDPR, an industry agnostic data protection regulation adopted by the European Union, as a model for reforming consumer credit regulation in the United States. The Part proposes three ways in which the GDPR can improve the FCRA and the ECOA, and addresses a number of potential counterarguments.