PRESS RELEASE: New report reveals how the growing financial technology sector analyses your smartphone habits to decide if you are loan worthy

Key Points

  • Privacy International conducted fieldwork in India and Kenya to understand how developments in the financial technology sector, known as ‘fintech’, affect the privacy of citizens.
  • Our research finds there has been a massive increase in the quantity and scope of consumer information gathered by financial institutions. This expansion has been largely unchecked, particularly in developing countries, while serving the interests of companies and industries, which are mostly located in developed countries.
  • These new sources of information are increasingly being used to inform financial decisions about people. Seemingly irrelevant data, such as text messages and call logs, are now being considered to justify a consumer’s suitability for various financial products, including loans.
  • If current trends continue, PI believes it will become increasingly difficult — and eventually impossible — for people to use financial services without having to allow access to the most intimate information about themselves.

Read the report here:


Privacy International has today released a report outlining how the emergent ‘financial technology’ (fintech) sector poses significant risks to privacy and other fundamental rights. Using research that analyses the India Stack initiative, built upon the Aadhaar identification number in India, and credit scoring apps and services in Kenya, the report examines how financial decision-making has been transformed to encompass information that was traditionally irrelevant to the financial sector, such as social media usage and smart phone habits.

The report also highlights how the use of these new data sources to justify financial judgments about individuals has serious legal and ethical consequences.

Privacy International Research Officer and report author Dr Tom Fisher said:

“Technology is bringing an unprecedented level of change to financial services. But it seems the privacy implications of these changes have not been acknowledged by industry, funders, governments, or regulators. The fintech sector is using vast sources of our personal information to create our financial identity — data from our spending, our social networks, our phones. The sector must begin to recognise the risks and harms are emerging from its work, particularly in parts of the world with limited or non-existent data protection legislation. We need governments and regulators to ensure that advancements in fintech do not violate privacy.”

Privacy International is calling on governments, companies, and actors in the financial technology sector to:

  • Ensure that consumers’ rights to privacy, equality, and non-discrimination are respected, through comprehensive legislation and regulation.
  • Ensure that fintech initiatives empower individuals to have meaningful access to and control of their information.


The term ‘fintech’ has been defined by PricewaterhouseCoopers as “a dynamic segment at the intersection of the financial services and technology sectors where technology-focused start-ups and new market entrants innovate the products and services currently provided by the traditional financial services industry.” It covers an array of sectors and technologies, including alternative credit scoring, Insurtech and Regtech. The reach is global — a survey by Ernst & Young found the use of ‘fintech’ by consumers with access to the Internet in developing markets including Brazil, India, China, Mexico and South Africa, was considerably higher than the global average.

Privacy International will speak about the report findings at the LAVITS conference in Chile on 30 November.