A Contextual Methodology for Regulating the Credit Information Sharing System

Since its emergence in December 2019, there have been more than 20 million COVID-19 infections worldwide, with at least five million confirmed cases in the United States (Roser et al., 2020). Individuals and business entities suffered severe loss of revenues and disrupted supply chains due to industry shutdowns and restrictions on movement and commerce. Policymakers have recently discussed the impact of the COVID-19 on performing borrowers’ ability to meet their scheduled payments, and how missed payments associated with the economic crisis should be treated in the credit reporting system (World Bank, 2020). The International Committee on Credit Reporting (ICCR) holds the view that payment delays, created under forbearance or deferred payment arrangements due to a crisis, should be submitted with the necessary safeguards to ensure minimal effect on a good borrower’s credit report and score. In the United States, the Coronavirus Aid, Relief, and Economic Stimulus (CARES) Act amends the Fair Credit Reporting Act to allow lenders who have made payment adjustments for their borrowers to report those accounts as “paid as agreed.” (Turner, 2020).

Against this background, in a recent article published in the Southern California Interdisciplinary Law Journal, we introduce a personalized scheme designed to regulate sharing, scoring, and use of personal data which is grounded on three separate categories: individuals, markets, and the state. We undeniably accept the significance of credit information sharing practices as an essential condition for engaging in valuable exchanges required to enhance aggregate welfare. However, taking into consideration the substantial risks for privacy rights and regressive distributional effects involved in those practices – which are prone to escalate during the pandemic – we argue for extending protection of consumer rights by adopting a nuanced approach.

A. The Individual

While the standard practices of data sharing are justified by efficiency considerations, such as fostering competition among lenders and lowering interest rates, they also involve risks to privacy rights and unjustified distributive outcomes. To tackle this divergence, we suggest that the regulatory arrangements regarding permissible practices in the credit data sharing system should be designed following three interrelated considerations: 1) the identity of the credit consumer and her personal and socio-economic backgrounds, 2) the purpose for which the consumer asks for credit provided by the lender, and 3) the complexity of a given credit transaction.

For instance, Chapter 3 of the General Data Protection Regulation (2016) (hereinafter: “GDPR”) designed some safeguards to ensure the “fair and transparent processing” of personal data, including an obligation that firms provide “meaningful information about the logic involved” in particular types of highly automated decision-making systems. Many consider the GDPR’s “right to an explanation” as a promising new device for supporting fairness, accountability, and transparency in different types of machine learning systems adopted by firms globally (For a comprehensive discussion, see, e.g., Casey, Farhangi and Vogl, 2019).

In our view, the scope of the right to an explanation should be dependent on the socio-economic background of the credit consumer. To empower consumers with significant rights concerning the collection and use of their data, a more sensitive method is required. Regulators should consider the exact type of each piece of information and how its wrongful processing and use will affect the living conditions of consumers in low-socioeconomic status groups (hereinafter: “low-SES group”). In case there is clear evidence that collecting and using specific data will gravely affect the livelihood of low-SES groups, further burdens and responsibilities should be imposed on data processors wishing to receive the consent of these consumers for data sharing practices.

This approach is justified by recent empirical studies which reveal that Americans with lower income and education levels are fully aware of a range of digital privacy-related harms that could influence their financial, professional, or social well-being. Many of those who feel most vulnerable to data-related harms also feel that it would be challenging to find the strategies necessary to better protect their personal information online against privacy abuses (Madden, 2017Madden et al., 2017).

B. The Market

Consumer reporting agencies (CRAs) play an essential role in the U.S.’s financial information market. These agencies collect, process, and analyze financial information received from various furnishers to create consumer reports and credit scores (Osovsky, 2013). We propose that the law should regulate the relations between these companies and their retail investors through corporate and tax laws with a consideration towards providing adequate privacy protection for credit consumers’ information. Generally, directors and management are required by law to enhance shareholder value exclusively, without pursuing the interests of stakeholders, such as employees, consumers, or the public (Dodge v. Ford Co., 170 N.W. 668, 684 (Mich. 1919)). Recently, David Yoshifon (2018) argued that the rule of shareholder primacy should not be followed, and has to be replaced by formal and non-formal norms that compel directors of US corporations to manage firms in a socially responsible way. We demonstrate that to incentivize directors to examine any threats to the privacy of credit consumers consistently, the law should require directors to consider the impact of corporate decision-making on multiple stakeholders. To afford protection of consumers’ privacy rights, the law should provide a direct cause of action against directors of CRAs for not providing adequate protection for borrowers’ privacy rights.

Tax law may also indirectly assist in protecting consumers’ privacy and avoiding material errors in consumers’ credit report. Scholars have extensively discussed the possibility of incentivizing corporations to perform social responsibility and contribute funds to the community by granting them different tax benefits. Governments could construct different tax benefits to incentivize credit bureaus and financial institutions to protect the privacy of credit consumers and to minimize mistakes in credit reports. Specifically, we propose that governments should incentivize CRAs with tax benefits that may be claimed if the amount of consumer complaints of mistakes in their credit reports is under a certain threshold.

C. The State

We discuss ex-post private and public enforcement strategies for the protection of consumer privacy rights in the credit data sharing market (Boehm, 2015). We advocate a regulatory approach that strikes an appropriate balance of powers between regulatory agencies based on the relative effectiveness of ex-ante rule-making and ex-post public enforcement strategies. In our view, there is an essential link between the ex-ante and ex-post strategies for protecting the rights of credit consumers. Policymakers should closely examine the effectiveness of ex-ante and ex-post approaches under different branches of laws, and design arrangements on processing, scoring, and use of personal financial information accordingly.

To ensure a fair balance between protecting consumers’ privacy rights and enabling efficient practices of personal credit data sharing, enforcement mechanisms should be designed according to their relative effectiveness. If ex-ante strategies fail to provide adequate protection for data sharing privacy, more comprehensive and vigorous ex-post strategies should be adopted. Likewise, in cases where ex-post strategies provide optimal deterrence against privacy violations, more lenient measures should be implemented ex-ante to prevent privacy violations. This approach may increase trust and cooperation among different regulatory agencies, since the operation of a specific regulatory authority depends on the relative effectiveness of interrelated agencies.


Our article proposes a novel regulatory design that is grounded on our reconceptualization of the individual’s, markets’, and state’s role in structuring an appropriate balance between fairness and efficiency in credit reporting. Moreover, our approach can help create an optimal equilibrium synergy of regulatory networks. Considering the risk that the global health emergency will exacerbate unjust distributive outcomes and severe privacy violations involved in the practices of credit data sharing, embracing this personalized methodology will provide the safeguards required to ensure credit consumers’ well-being.


Dr. Leon Yehuda Anidjar holds a doctoral degree in Law from The Hebrew University of Jerusalem and is currently a doctoral candidate at the Rotterdam School of Management, Erasmus University.

Ms. Inbar Mizrahi-Borohovich is a doctoral candidate at the Federmann School of Public Policy and Government at the The Hebrew University of Jerusalem.

This post is adapted from their paper, “Reinventing Credit Data Sharing Regulation,” available on SSRN.

Leave a Reply

Leave a Reply

Your email address will not be published. Required fields are marked *