CIPL’s Financial Services Project focuses on advancing data protection, privacy, and responsible data use in the evolving financial ecosystem. Through collaboration with regulators, banks, fintech companies, and other key stakeholders, the project develops practical policy solutions and thought leadership that support compliance, innovation, and consumer trust. With a strong emphasis on enabling digital transformation, AI adoption, and secure data flows, the project helps financial institutions and fintechs navigate complex global privacy requirements while staying competitive in a data-driven market.
Since its launch, CIPL’s Financial Services Project has brought together global banks, fintech innovators, regulators, and policymakers to address the challenges and opportunities at the intersection of privacy, data protection, and financial innovation. This timeline highlights key milestones, thought leadership, and collaborative efforts that continue to shape responsible data practices and regulatory frameworks in the financial services sector.
2023
We published our paper Digital Assets and Privacy which explores the critical intersection between data privacy and emerging digital asset technologies, including blockchain and decentralized finance (DeFi). As digital assets become more integrated into the financial ecosystem, this discussion paper highlights the unique privacy challenges posed by decentralized, immutable systems and the complexities of aligning them with global data protection laws like the GDPR. The paper calls for greater collaboration between financial and privacy regulators to ensure that digital asset frameworks are both innovative and privacy-compliant.
With a global outlook, CIPL emphasizes the importance of regulatory consistency across borders and offers actionable recommendations for developing pragmatic, future-ready privacy and data governance solutions. Designed for policymakers, financial institutions, and tech innovators, this paper supports the responsible growth of digital assets in a privacy-conscious world.
2024
On December 7th, 2023, the Court of Justice of the European Union (CJEU) ruled that SCHUFA, a credit rating agency, played a “determining role” in a lender’s decision to deny a loan application. The CJEU found that SCHUFA’s role, i.e. providing credit scores, qualified as a “decision” under Article 22 of the GDPR. The court also determined that SCHUFA was better positioned to provide “meaningful information,” including the logic behind the automated decision-making process, to fulfill the data subject’s access rights under Article 15 of the GDPR.
We published our paper Decoding Responsibility in the Era of Automated Decisions: Understanding the Implications of the CJEU’s SCHUFA Judgment to provide overview of the judgment, and examine its potential implications and practical consequences for the financial services industry.
The paper concludes that the SCHUFA ruling should be interpreted narrowly, focusing on the specifics of the case to avoid untenable and inconsistent outcomes. Finally, it provides guiding questions for organizations using automated decision-making to help assess how their processes and business models differ.
2025
Our webinar on Regulatory Coherence – How Privacy and Financial Services Can Work in Practice brought together financial services regulators and industry leaders to explore:
- Practical examples of how Privacy and Financial Services Regulators have worked together to address potential areas of conflict/inconsistency between privacy and financial services regulation.
- How privacy-by-design can form part of effective financial services processes and data use.
- Why and how engagement with the private sector is critical to ensure an effective regulatory approach.
The work of our Financial Services Project can be summarized by three core goals:
Drive Responsible Innovation in Financial Services
-
Partnering with banks and fintech companies to shape privacy-respectful innovation strategies
-
Providing thought leadership on emerging tech like AI, blockchain, and digital assets in finance
-
Facilitating dialogue between industry and regulators to balance risk, trust, and innovation
Shape Global Privacy and Data Governance Standards
-
Developing practical policy recommendations tailored to global financial services
-
Advocating for interoperable and risk-based regulatory models across jurisdictions
-
Engaging with international data protection authorities to promote consistent implementation
Build Trust Through Compliance and Ethical Data Use
-
Guiding firms on embedding privacy by design and data ethics into products and services
-
Offering expert insights on consent, transparency, and accountability in digital finance
-
Promoting responsible data practices that foster long-term customer loyalty and brand integrity
CIPL Response to the US House Financial Services Committee on Current Federal Consumer Financial Data Privacy Law and Potential Legislative Proposals
Decoding Responsibility in the Era of Automated Decisions: Understanding the Implications of the CJEU’s SCHUFA Judgment
On December 7th, 2023, the Court of Justice of the European Union (CJEU) ruled that SCHUFA, a credit rating agency, played a “determining role” in a lender’s decision to deny a loan application. The CJEU found that SCHUFA’s role, i.e. providing credit scores, qualified as a “decision” under Article 22 of the GDPR. The court […]
Digital Assets and Privacy
This CIPL paper argues that effective regulation of blockchain technologies requires cooperation and collaboration between authorities dealing with data, particularly, financial conduct, competition and data protection authorities. On the basis of this, the paper makes the case that better regulation of digital assets requires the setting of realistic and achievable goals which stem from dialogue […]
