There and back again: how target market determination obligations for financial products may incentivise consumer data profiling

ABSTRACT Increasingly precise data profiling of consumers is one of the drivers of profit for the financial industry in the digital age. However, data profiling may also bring about harm to consumers, ranging from data breaches to unfair pricing, digital manipulation, discrimination and exclusion of vulnerable consumers, which is particularly problematic in financial services context due to the consequences it has on consumers’ access to financial products. The focus of this article are target market determination (TMD) obligations for financial products and their interplay with data protection rules. It asks if financial product governance rules, requiring TMD and distribution of products within the target market, may further incentivise data profiling of consumers by financial services providers. I analyse this issue looking at two sets of rules applicable to financial firms in Australia: (1) the new financial products governance rules, which came into force in October 2021, and (2) the data protection rules: Australian Privacy Act 1988 and the GDPR. If these frameworks fail to strike a balance between (surprisingly) competing interests of consumer protection regarding the provision of appropriate financial products and the use of consumers’ data in digital profiling, the new rules may backfire, resulting in unintended consumer harms.