ScienceDirect

KES_Krystyna Nizioł_The challenges of consumer protection law connected with the development of art
ScienceDirect
KES_Krystyna Nizioł_The challenges of consumer protection law connected with the development of art
Procedia Computer Science 00 (2021) 000–000
Procedia Computer Science 00 (2021) 000–000 www.elsevier.com/locate/procedia
Available online at www.sciencedirect.com www.elsevier.com/locate/procedia

ScienceDirect
Procedia Computer Science 192 (2021) 4103–4111

25th International Conference on Knowledge-Based and Intelligent Information & Engineering

25th International Conference on Knowledge-Based
Systems and Intelligent Information & Engineering
Systems
The challenges of consumer protection law connected with the
The challenges of consumer protection law connected with the
development of artificial intelligence on the example of financial
development of artificial intelligence on the example of financial
services (chosen legal aspects)
services (chosen legal aspects)
Krystyna Nizioł*
Krystyna Nizioł*
Faculty of Law and Administration of the University of Szczecin, Narutowicza 17A, Szczecin 70-240, Poland
Faculty of Law and Administration of the University of Szczecin, Narutowicza 17A, Szczecin 70-240, Poland

Abstract
Abstract
The development of an artificial intelligence raises various challenges, not only technological, but also legal and ethical. In the
case development
The of consumer of protection law, intelligence
an artificial the essence raises
of which is tochallenges,
various protect the not
weaker
onlyparty to the transaction,
technological, whichand
but also legal is the consumer,
ethical. In the
they of
case may concern protection
consumer various issues. These
law, the include
essence informing
of which is tothe consumer
protect that heparty
the weaker is interacting with suchwhich
to the transaction, systems. Theconsumer,
is the research
intention
they may undertaken in thisissues.
concern various study is to answer
These includetheinforming
followingthe research questions.
consumer that heFirst, will the use
is interacting withof such
artificial intelligence
systems. create
The research
new threats
intention to consumers,
undertaken in thisespecially
study is toin answer
the financial market, research
the following and if so,questions.
what are they.
First,Secondly, will
will the use ofthe use of intelligence
artificial AI in transactions
create
necessitate
new threatsenhanced consumer
to consumers, protection,
especially in theand if so, to
financial what extent.
market, Thewhat
and if so, study
arefocuses in particular
they. Secondly, willonthe
consumer
use of AIprotection in the
in transactions
financial market,
necessitate as innovation
enhanced consumer in financial and
protection, services
if so,istolinked to artificial
what extent. The intelligence.
study focuses in particular on consumer protection in the
The studymarket,
financial uses theasdogmatic
innovation - legal and comparative
in financial services ismethods.
linked to artificial intelligence.
The study uses the dogmatic - legal and comparative methods.
© 2021 The Authors. Published by ELSEVIER B.V.
©
© 2021
This
2021 The
is an Authors.
open
The accessPublished
Authors. by
by Elsevier
article under
Published B.V.B.V.
the CC BY-NC-ND
ELSEVIER license (https://creativecommons.org/licenses/by-nc-nd/4.0)
This is an
This is an open
Peer-review open access
access
under article under
article under
responsibility the scientific
of the CC BY-NC-ND
CC BY-NC-ND
committeelicense
license (https://creativecommons.org/licenses/by-nc-nd/4.0)
(https://creativecommons.org/licenses/by-nc-nd/4.0)
of KES International
Peer-review under responsibility of the scientific committee of KES International.
Peer-review under responsibility of the scientific committee of KES International
Keywords: artificial intelligence, financial services, consumer protection law.
Keywords: artificial intelligence, financial services, consumer protection law.

* Corresponding author. Tel.: +48 91 444 28 48

* Corresponding krystyna.niziol@usz.edu.pl
E-mail address:author. Tel.: +48 91 444 28 48
E-mail address: krystyna.niziol@usz.edu.pl
1877-0509 © 2021 The Authors. Published by ELSEVIER B.V.
This is an open
1877-0509 access
© 2021 Thearticle under
Authors. the CC BY-NC-ND
Published by ELSEVIER license
B.V.(https://creativecommons.org/licenses/by-nc-nd/4.0)
Peer-review under
This is an open responsibility
access of the scientific
article under CC BY-NC-NDcommittee of KES
license International
(https://creativecommons.org/licenses/by-nc-nd/4.0)
Peer-review under responsibility of the scientific committee of KES International

1877-0509 © 2021 The Authors. Published by Elsevier B.V.

This is an open access article under the CC BY-NC-ND license (https://creativecommons.org/licenses/by-nc-nd/4.0)
Peer-review under responsibility of the scientific committee of KES International.
10.1016/j.procs.2021.09.185
4104 Krystyna Nizioł et al. / Procedia Computer Science 192 (2021) 4103–4111
2 Krystyna Nizioł / Procedia Computer Science 00 (2021) 000–000

1. Introduction

We are all consumers. According to the legal definition included in Art. 221 of the Civil Code: "A consumer is a
natural person who performs a legal transaction with an entrepreneur not directly related to his business or
professional activity." [2] Therefore, each natural person carries out various transactions as a consumer, including in
the financial market. Consumers more and more often in connection with concluded transactions have contact with
artificial intelligence systems, which have been developing very dynamically in the recent period. Artificial
intelligence is increasingly used in transactions involving consumers. At the same time, consumers are the weaker
party to the transaction, as they are not professional participants in the economic turnover. A characteristic feature of
transactions to which consumers are parties is the asymmetry of information and market power. Entrepreneurs who
are the other party to the transaction have a market advantage because, as professional entities, they have more
knowledge and experience, as well as market information. This advantage also applies to their market power [30].
The purpose of consumer protection law is precisely this different market situation of consumers and entrepreneurs,
caused by market asymmetry. The emergence of artificial intelligence may create new threats for consumers, as its
intensive development in the recent period creates various challenges, including those relating to various branches of
law. They also concern consumer protection law. The question arises whether the development of artificial
intelligence may also pose a threat to consumers. If so, whether in order to protect consumers against these risks,
should the consumer protection law be amended so as to strengthen their protection in this respect. The concept of
"artificial intelligence" is difficult to define. By way of example, it can be defined as "a branch of computer science
dealing with the construction of machines and algorithms, the operation of which has the hallmarks of intelligence."
[40]
Therefore, the research intention undertaken in this paper is to answer the following research questions. First, will
the use of artificial intelligence create new threats to consumers, especially in the financial market, and if so, what
are they. Second, will the use of AI in transactions make it necessary to strengthen consumer protection, and if so, to
what extent. The study focuses in particular on consumer protection in the financial market, as innovation in
financial services is linked to artificial intelligence. Additionally, some financial services are hybrid in nature, which
makes them very complicated (e.g. polysolokaty) [26]. As a result, consumers may encounter complex financial
services, the essence and risks of which they are unable to comprehend. The use of artificial intelligence for
financial services can make the situation for consumers even more difficult. Not only will they have contact with
complex, hybrid financial services, but also artificial intelligence can participate in them. That is why it is so
important to identify the threats that the use of artificial intelligence may pose to consumers in the financial market.
The subject matter is related to the sector of advanced technologies, which concern, inter alia, areas such as
aerospace, robotics, electronics, nuclear physics, biotechnology and pharmaceuticals, telecommunications and
media, and computer science [41]. The issue of artificial technology and its normative effects is the subject of
activities undertaken in EU law. Of course, the importance of new artificial technologies as an innovative factor is
also emphasized [32].
The importance of the analyzed issues is also confirmed by the fact that also at the European Union level, actions
are taken to protect consumers in the case of automated decision-making processes. The resolution of the European
Parliament made it clear that consumer welfare requires that the innovative potential of an automated decision-
making system (e.g. virtual assistants and virtual advisers) is linked to their being properly informed about, how the
system works, how to reach people with decision-making powers and how you can control and correct decisions
made by the system [9]. Therefore, it can be concluded that one of the challenges for the consumer protection law
related to artificial intelligence will be precisely to provide consumers with reliable information about these systems,
so that in the event of contact with artificial intelligence, they make consumer decisions aware of their
consequences.
The study uses the dogmatic-legal and legal-comparative methods.
 Krystyna Nizioł et al. / Procedia Computer Science 192 (2021) 4103–4111 4105
Krystyna Nizioł / Procedia Computer Science 00 (2021) 000–000 3

2. Financial services – essence, definition and cyberthreats

Financial services are taken on the financial market. It is one of the markets functioning in the economy. In the
literature, financial market is defined as one on which transactions involving financial instruments are made or as
"total transactions in securities, which are instruments for granting short-term, medium and long-term loans" [17,
20]. The financial market is a specific market on which money flows from suppliers to buyers. It means that this
market should be subject to a separate legal regime, including in terms of supervision and organization by the state
[23]. The Act of 21 July 2006 on supervision over the financial market [1] did not define the financial market. On its
basis, however, it is possible to distinguish specific segments of the financial market that are subject to the
supervision of the Polish Financial Supervision Authority, banking, insurance, pension and capital markets. The
specificity of the financial market also determines the subject of transactions made on it, which are financial
services. The financial services are defined as „services provided by financial institutions, which are also
professional participants of the financial market, which, as part of their business activities, provide services to both
professional and non-professional market participants, including consumers" [38]. The term "financial services" was
used by the legislator in Chapter 5 of the Act of 30 May 2014 on consumer rights, entitled: "Distance contracts for
financial services", also without defining this concept [4]. Only in Art. 4 sec. 2 of this document stated that the Act
does not apply to contracts relating to financial services and lists examples of types of financial services (e.g.
banking activities). There are entities on the financial market whose market power, knowledge and capital level are
different. On the one hand, there are professional entities (mainly financial institutions) that have these resources,
and on the other hand, they are entities, both public and private (including consumers), using financial services
provided by those institutions that do not have such extensive knowledge [30].

3. Artificial intelligence – legal aspects, with particular emphasis on consumer protection law (the problems
signalled in the literature)

The intensive development of artificial intelligence in the recent period has created many problems, also of a
legal nature [44]. They should be signalled briefly. Their comprehensive analysis would exceed the scope of this
study. Therefore, only the subject matter was indicated, which is analyzed in the literature in relation to the legal
aspects related to artificial intelligence systems. On the other hand, the focus is on the main research goal of this
study, i.e. identifying threats to financial market consumers related to artificial intelligence and the necessary
changes in consumer protection law that they cause. In the legal sciences literature, the challenges posed by the
development of artificial intelligence are indicated. In the first place, general problems concerning the legal aspects
of the development of artificial intelligence were pointed out. Then, it focused on the consequences of its
development for consumer protection law, especially in the financial market.
The first area is the issue of liability for damages for activities related to artificial intelligence. This applies, for
example, to the responsible entities and policies liability for damages in the case of autonomous cars [14, 24, 25].
By way of example, the literature indicates that in the case of autonomous vehicles in Polish law there are no legal
obstacles to, as a rule, liability for damages caused by such autonomous cars "by the same entity responsible as in
the case of vehicles currently driving on the road - i.e. the car owner, except that his liability should always be based
on the strict principle (no derogation from fault-based liability)." [25] There is no doubt that automation, and thus
also the participation of pieces of intelligence, is one of the trends that also affect vehicles. It is pointed out that
different levels of automation are possible for cars. They concern, inter alia, the automotive industry itself. In
practice, on the other hand, there are six levels of automation, ranging from zero (no driver support whatsoever) to
level five (all activities are performed without any human intervention, but the driving behavior is supervised [24]. It
should be noted that the presented classification of vehicle automation degrees requires specific regulations
regarding the liability of autonomous vehicles for damages related to their movement. It is a practical issue that
requires specific legal regulations. They concern, inter alia, issues such as the development of liability rules for
damage caused by the traffic of these vehicles, depending on the level of their automation [25]. As J. Kuźmicka-
Sulikowska points out, referring to the Polish regulations: "there are no legal obstacles as to the principle of liability
for damages caused by fifth-level autonomous cars of the same responsible entity as in the case of vehicles currently
4106 Krystyna Nizioł et al. / Procedia Computer Science 192 (2021) 4103–4111
4 Krystyna Nizioł / Procedia Computer Science 00 (2021) 000–000

driving on the road - that is, the owner of the car, but his liability should always be based on the strict principle
(without derogation from fault-based liability). " [25].
Apart from the issues related to the responsibility for the movement of autonomous vehicles, the literature also
analyzes an issue such as the definition of an autonomous vehicle. Accordingly, there are two types of autonomous
vehicles (i.e. connected vehicles and non-connected vehicles). The difference between them comes down to that,
unconnected vehicles use for automated movement of the entire set of sensors and cameras, lasers, etc., while
connected vehicles use only with technology that allows collecting information about the environment through
communication with other vehicles. " [14].
An interesting topic is also the analysis of the profiling of consumers' personal data based on data processed by
an autonomous vehicle [31]. In the so-called In the e-Privacy Directive, profiling is defined as "profiling means any
form of automated processing of personal data, which consists in the use of personal data to assess certain personal
factors of a natural person, in particular to analyze or forecast aspects related to the effects of work of that natural
person, his economic situation, health, personal preferences, interests, reliability, behaviour, location or movement"
[37]. The problem of profiling used in relation to consumers is also present in the legislative work taking place at the
EU level. By way of example, it can be indicated that the regulations on the display of personalized prices included
in the amendment to Directive 2011/83/EU [31]. In addition, the proposed draft Digital Services Code of December
15, 2020 specifies information obligations regarding the display of personalized advertisements [31,33]. As A.
Nowak, M. Węgłowska, M. Gapsa indicate: “The analysis of Directive 2005/29 / EC on unfair commercial practices
has shown gaps that can be eliminated only with the help of a legislative initiative at the European Union level. In
particular, the applicability of aggressive commercial practices in the context of personalizing the advertising
message is too limited." [31]
Another issue signalled in the literature related to the development of artificial intelligence is consumer privacy
online [42]. By way of example, it can be pointed out that in the United States this issue is regulated in the state of
California, as well as in other states [7, 43]. The regulations introduced, for example, in the state of Virginia
concern, inter alia, the limitation of the seller's ability to scan identification documents (e.g. driving licenses) clearly
to specific situations. These include situations such as, for example, verification of the identity of the buyer who
pays for purchases in a non-cash manner or requests a refund or replacement of goods [6]. Of course, the so-called
EU the e-Privacy Directive, which regulates the protection of individuals with regard to the processing of personal
data and the provisions on the free movement of personal data (Article 1 item 1) [37].
The literature also indicates that one of the current issues regarding the regulation of artificial intelligence is the
status of the electronic person and the consumers [8]. This is related to the legislative actions taken in EU law,
which is currently expressed in the Resolution of the European Parliament 2015/2103 (INL) of 16/02/2017, which
includes recommendations to the Commission regarding civil law provisions on robotics [18]. They show, inter
alia, that the development of artificial intelligence should develop with respect for privacy and security. As A.
Anusz points out, the use of the concept of a consumer by the European legislator in the present Resolution
"determines the legal relationship in relations with robots with artificial intelligence. On the one hand, it is natural,
because EU legislation grants extensive protection to consumers. "On the other hand, the use of the concept of a
consumer is not necessarily "justified by the interest of the person using the activities performed by a robot with
artificial intelligence." [8]
Referring directly to the issues related to the use of artificial intelligence in the financial sector towards financial
market consumers, the following issues should be indicated.
In the case of the financial sector, the term FinTech is usually used, which refers to various technological
solutions related to finance. These include, among others, financial services such as retail banking, mobile banking,
payments. There are also specific risks associated with this sector. They concern, among other things, the
acceleration of financial transactions and the growth of cyberattacks. The development of the FinTech sector also
has specific consequences for consumers in the financial market. They are related to, among others, cybersecurity
and information protection [22]. An issue that should also be emphasized in connection with the use of artificial
intelligence in the FinTech sector is the risk that consumers will not understand artificial intelligence systems due to
their complexity. The difficulty of the current understanding and analysis of these processes by their user may be
caused, for example, by the fact that "machine learning technique deep-learning is difficult to interpret due to the
 Krystyna Nizioł et al. / Procedia Computer Science 192 (2021) 4103–4111 4107
Krystyna Nizioł / Procedia Computer Science 00 (2021) 000–000 5

complexity of data processing - while traditional machine learning algorithms are linear, deep learning algorithms
are hierarchical in order of increasing complexity and abstraction, and the data has to go through several layers of
processing" [22]. Nevertheless, defining the FinTech sector is not easy. The literature indicates that two areas can be
distinguished. First, the objective approach, i.e. the area of using modern technology to provide financial services.
Second, it will take on a subject, i.e. as a new sector, industry [22]. A look at the FinTech sector in these two aspects
shows the scale of difficulties related to the protection of financial market consumers against risks related to
artificial intelligence. This sector is not only using new technologies in financial services, which is already a
difficult area of regulation, for example due to the rapid technological progress, but also because of the complexity
and diversification of financial services. If it is considered, for example, that these are banking services or insurance
services, then for each type of service they will be provided by different entities and will also have different
obligations towards the consumer. The addition of issues related to the use of new technologies to the consumer
protection law on the financial market will make these regulations even more complicated. An example is the
introduction of the so-called e-Privacy directive on the protection of personal data, the regulations of which initially
caused many interpretation difficulties. A similar situation may occur in the case of the consumer protection law in
question, which, due to the subject matter of the regulation related to artificial intelligence, may in many cases
concern technological issues.
It should also be mentioned that the literature indicates that the development of the FinTech sector may bring
both positive effects and threats. Benefits include, for example, a reduction in the role of financial intermediaries,
lower transaction costs, more efficient linking of savers and borrowers, and reduction of barriers to entry into the
financial market. These are therefore results related to, inter alia, greater decentralization of financial services, an
increase in financial intermediation services provided by non-financial entities, or increase in efficiency,
transparency, competition in the financial market. On the other hand, the risks associated with the FinTech sector
include, for example, growth and acceleration of financial transactions (the effects of which are currently difficult to
assess), greater use of specific algorithms may result in an increase in cyber attacks, threats related to the protection
of consumer privacy [22]. As a result, three approaches to regulating the FinTech sector can be distinguished. First,
there is an active approach in which regulations concerning this sector are developed in cooperation with this sector
in order to take into account the risks of transactions and to protect consumers. Secondly, a passive approach, which
assumes that the financial market regulator is active ex-post, that is, reacting to the already existing phenomena.
Third, a restrictive approach that is based on the introduction of limits and prohibitions related to new types of
financial services in the FinTech sector [22].
There is no doubt, however, that the role of artificial intelligence in financial services will gradually increase. Not
only due to the growing importance of financial services concluded via internet portals, but also the fact that this
sphere of activity of financial institutions is used to strengthen their competitive advantage on the financial market.
As an example, it is possible to indicate the increasing use of expert systems by banks in the form of an internet bot,
in the form of a multimedia bot (avatar) interface, which is specialized "specialized software that uses artificial
intelligence methods that are based on expert systems." [10]
One of the risks related to the FinTech sector concerns the cybersecurity of financial services, and thus ensuring
protection against cyber attacks. In the preamble to the Cybersecurity Act the cyber threats as a global issue were
highlighted [36]. Therefore there is ,,a need for closer international cooperation to improve cybersecurity standards,
including the need for definitions of common norms of behaviour, the adoption of codes of conduct, the use of
international standards, and information sharing, promoting swifter international collaboration in response to
network and information security issues and promoting a common global approach to such issues.” [13] So, it can be
said, that cyber threats are a problem which needs an cooperation between different states, because only
international at this level will help to combat this threat.
It must be also stressed that that the financial sector in particular is a sensitive area in terms of cybersecurity, as
currently the scale and possibilities of operations performed with the use of ICT systems are increasing. This applies
to both financial transactions made between banks, entrepreneurs, as well as all transactions made via the Internet
[5]. In the literature the importance of cybersecurity in the financial sector is also emphasized. Banks, in particular,
are at risk from hackers (for example they can control the banking network by taking using the hardware, software,
and human vulnerabilities). This can have catastrophic consequences not only for bank customers. The ,,effect of
4108 Krystyna Nizioł et al. / Procedia Computer Science 192 (2021) 4103–4111
6 Krystyna Nizioł / Procedia Computer Science 00 (2021) 000–000

security attacks on the bank includes damages to the bank’s reputation, affecting the stability of the financial market
and influencing share prices.” [34]
In Poland, the Polish Financial Supervision Authority sets standards in the field of ICT security. As an example,
it is possible to point to Recommendation D concerning the management of information technology and ICT
environment security in banks [34]. This document includes 22 recommendations concerning such areas as the
strategy and organization of the information technology and ICT environment security areas, ICT environment
development, maintenance and operation of the ICT environment, ICT environment security management [28, 33].
For example, Recommendation 18 concerning the ICT environment security management system specifies that “A
bank should have a formalized, effective management system security of the ICT environment, including activities
related to identification, estimation, control, prevention, monitoring and risk reporting in this area, integrated with
the overall management system risk and information security in the bank" [33]. As part of this recommendation, the
need for actions such as, for example, the bank's information security policy, the need to systematically review the
ICT environment management system in order to improve it, use international standards in the field of information
security, or tight integration of the management system security of the ICT environment with an operational risk
management system [33]. It can therefore be concluded that the requirements resulting from the regulation in
question are relatively precise and should ensure safe management of ICT systems in the bank. The problem of
cybersecurity, also in the field of financial services, is also closely related to the regulatory aspect. The current
regulations concerning this matter may in practice influence the effectiveness of the introduced solutions, and thus
determine the level of protection against cyber threats. In the Cybersecurity Strategy of the Republic of Poland, as
one of the detailed objectives, "to achieve the ability to coordinate on a national scale activities aimed at preventing,
detecting, combating and minimizing the effects of incidents violating the security of ICT systems for the
functioning of the state" - the necessity to adapt the legal environment to the needs and challenges of in the field of
cyber security. As indicated in the Strategy, the most far-reaching legal changes are a consequence of the
implementation of the NIS Directive. They concern, inter alia, the need to define cybersecurity requirements in
various sectors of the economy [11].
There are different types of cyber attacks, for example credential theft, malware infection [19]. In connection
with transactions and payments made by consumers, particular attention should also be paid to such risk areas as
data theft, identity theft and taking control of private computers [12].
Of course, consumers of the financial market are also exposed to cyber attacks. Cyber attacks are usually illegal
activities, so they are also cyber crimes. The cyber crime is defined as “any illegal activity that uses a computer as
its primary means of commissions and theft” [36]. There are different types of cyber attacks. Some of them are
connected with the cybersecurity or financial services, for example credential theft, malware infection [19]. In
connection with transactions and payments made by consumers, particular attention should also be paid to such risk
areas as data theft, identity theft and taking control of private computers [12].
Other risks associated with the use of artificial intelligence in financial services include: the emergence of new,
more complex financial services that are difficult to understand and risky for consumers, problems with the
provision of pre-contractual information through new sales channels (e.g. via smart phones that screens are too
small), insufficient information on risks related to financial services, unregulated areas (e.g. automated consulting);
cybersecurity of financial services, unjustified discrimination or exclusion related to the use of big data and the lack
of specific digital skills [27].
The use of artificial intelligence in financial transactions can also have positive effects. As an example, the issue
of credit scoring, which involves the use of artificial intelligence to assess credit risk, can be mentioned. Proper use
of credit scoring allows you to reduce the cost of a financial service. Another area in which artificial intelligence can
be successfully used in the financial sector is counteracting various abuses. For this purpose, machine learning
algorithms can be used, which can, for example, detect the use of certain financial services (for example, credit card
payments or mobile payments). They can detect non-standard events, such as, for example, the non-standard use of
the payment instrument by the consumer. Another area of using artificial intelligence to detect fraud related to
financial services is the implementation of legal obligations regarding anti-money laundering, or systems
investigating internal abuses. Artificial intelligence systems can be used not only to reduce the risk of fraud in
individual entities, but also at the state level (for example, in the field of exchange of information about taxpayers
[39]. Such a system in Poland is STIR (Teleinformation System of the Clearing House), created on the basis of art.
 Krystyna Nizioł et al. / Procedia Computer Science 192 (2021) 4103–4111 4109
Krystyna Nizioł / Procedia Computer Science 00 (2021) 000–000 7

119zha of the Tax Ordinance, the purpose of which is the collection and processing of data in order to determine the
risk index, transfer of data and information about the risk index to the Central Tax Data Register and to the ICT
systems of banks and credit unions, intermediation in the transfer of data, information and requests between Head of
the National Revenue Administration and banks and cooperative savings and credit unions [3].

4. Closing remarks

Undoubtedly, the share of artificial intelligence in various transactions to which consumers are party has been
growing intensively in the recent period. This process also has specific ethical, legal and economic consequences. In
the case of legal consequences, it is therefore necessary to regulate that will adequately guarantee protection for
consumers against the dangers associated with the use of artificial intelligence in transactions to which they are a
party. This study analyzes the challenges that the participation of artificial intelligence may raise in the case of
consumer protection law. The main focus was on financial services. The choice of this type of service was dictated
by factors such as their high degree of complexity, which, even without the participation of artificial intelligence,
may be a challenge for consumers. An additional argument in favor of choosing to analyze financial services was
also the rapidly growing FinTech sector, where various types of financial services are offered to consumers by using
a combination of artificial intelligence systems.
Two research questions were asked in the study.
The first was whether the use of artificial intelligence systems may pose threats (risks) for the consumer on the
financial services market, and if so, what their nature is. When answering the first of these questions, it should be
borne in mind that technological progress means that the development of artificial intelligence also takes place
relatively quickly. Consumer protection law, especially in the financial market where transactions are related to cash
flows, also needs to adapt quickly to these changes. For this reason, it is important to identify potential threats to
consumers that relate to the use of artificial intelligence in the provision of financial services. In the case of financial
services, one can indicate, for example, such risks for consumers resulting from the use of artificial intelligence:
protection of their privacy on the Internet, exposure to cyber attacks, issues of liability for crimes committed with
the use of artificial intelligence. All these risks can have severe consequences for the consumer as they may, for
example, lead to him losing all his money or incurring financial obligations on his behalf without his knowledge. In
the case of financial services, an issue that needs to be clearly emphasized, and which may also be of importance in
the use of artificial intelligence in financial transactions, is the high complexity and diversity of financial services. In
practice, a consumer who is a non-professional entity often uses hybrid services (such as the aforementioned
insurance policies, which combine elements of the contract insurance and investment), the nature of which is
difficult for him to understand at the time of concluding the contract. An additional factor that may be of importance
here is providing the consumer with reliable information about the nature and risks of a given financial service.
Unfortunately, in practice this process is often defective and the consumer does not have such reliable knowledge at
the time of concluding a given contract. All these threats may also appear in the case of the use of artificial
intelligence in financial services, because this element may already complicate the difficult situation of the
consumer. This may concern, for example, the protection of his privacy on the Internet, or providing him with
reliable information by bot (avatar) on the bank's website. Bearing in mind the above considerations, when
answering the first research question, it can be stated that the use of artificial intelligence creates certain, described
above, threats for the consumers of the financial market.
The second research question was whether the use of artificial intelligence in financial transactions requires
strengthening consumer protection, and if so, to what extent it should be taken into account in consumer protection
law. As previously indicated, the threats posed by the use of artificial intelligence for financial market consumers
have partially been identified and consumer protection law is adjusting to the challenges they pose. This applies, for
example, to issues related to the protection of consumer privacy or protection against cyber threats. Due to the
variety of financial services, these regulations should often be included in the acts relating to a given financial
service (e.g. insurance services). Another area of consumer protection law that needs to be strengthened is ensuring
that the consumer has the right to reliable information in the case of financial services that also use artificial
intelligence systems. It should be pointed out that these issues should not only be included in the consumer
4110 Krystyna Nizioł et al. / Procedia Computer Science 192 (2021) 4103–4111
8 Krystyna Nizioł / Procedia Computer Science 00 (2021) 000–000

protection law, but also in other areas of law with which they are related. This is the case, for example, in criminal
law, as cybercrimes usually also have a criminal law dimension. It should also be borne in mind that regulations
related to artificial intelligence, also those relating to consumer protection law, are often of a "technical" nature
because they regulate issues related to technology. This element should also be taken into account when analyzing
the issue in question, as it may additionally hinder their interpretation.
Undoubtedly, the share of artificial intelligence in financial services will continue to increase over time. It seems
that this issue should not only be associated with the threats it may pose to the consumers of the financial market
and the necessary changes to consumer protection law, but also with the need to educate consumers in this regard.
The changes to the law alone, as well as the cybersecurity systems of financial institutions, will not replace the
consumer's caution when concluding financial transactions involving artificial intelligence.

References

[1] Act of 21 July 2006 on supervision over the financial market (Journal of Laws of 2018, item 6 with amendments).
[2] Act of 23 April 1964 Civil Code (Journal of Laws No. 16, item 93, as amended).
[3] Act of 29 August 1997. Tax Ordinance (Journal of Laws of 2020, item 1325, with amendments).
[4] Act of 30 May 2014 on consumer rights (Journal of Laws of 2017, item 683 with amendments).
[5] Al-Alawi, A.I. and Abdulrahman Al-Bassam, S., 2020. The Significance of Cybersecurity System in Helping Managing Risk in Banking
and Financial Sector. Journal of Xidian University 14 (7), pp. 1523-1536.
[6] An Act to amend and reenact Section 59.1-443.3 of the Code of Virginia, relating to personal information privacy; scanning information
from an identification card or driver's license, [S 101] Approved March 31, 2020,
https://custom.statenet.com/public/resources.cgi?id=ID:bill:VA2020000S101&ciq=ncsl&client_md=b9c1b54db697987d988fb2ec668f2f45
&mode=current_text [retrieved 05.05.2021].
[7] An act to amend Section 6254.16 of the Government Code, and to amend Section 2891 of, to amend the heading of Chapter 5
(commencing with Section 8380) of Division 4.1 of, and to add Section 8382 to, the Public Utilities Code, relating to customer privacy,
https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180AB375 [retrieved 03.05.2021].
[8] Anusz A., 2019. Legal subjectivity of an electronic person and the development of artificial intelligence in selected areas of consumer law.
Online Legal Review TBSP UJ 2, pp. 42-51.
[9] Automated decision-making processes: ensuring consumer protection and the free movement of goods and services Resolution of the
European Parliament of 12 February 2020 on automated decision-making processes - guaranteeing consumer protection and the free
movement of goods and services, P9_TA (2020) 0032 (2019/2915 (RSP )), European Parliament 2019-2024,
https://www.europarl.europa.eu/doceo/document/TA-9-2020-0032_EN.pdf [retrieved 03.05.2021].
[10] Balicka, H., 2010. Artificial intelligence on the bank's portal, The Financial Bank Monthly 12, pp. 76-79.
[11] Cybersecurity Strategy of the Republic of Poland for the years 2017-2022, 2017.
https://www.gov.pl/documents/31305/0/strategia_cyberbezpieczenstwa_rzeczypospolitej_polskiej_na_lata_2017_-_2022.pdf/f249b627-
4050-a6f4-5cd3-351aa025be09 [retrieved: 21.04.2021] pp. 2-28.
[12] Cyberspace Protection Policy of the Republic of Poland, 2013. Ministry of Digitization and Administration.
[13] Cyberspace security system of the Republic of Poland, 2015. Warsaw.
[14] Czenko M., 2017. Responsibility for damage caused by the movement of an autonomous vehicle in the system of American civil law.
Journal of Student Scientific Circles of the Faculty of Law and Administration of Adam Mickiewicz University 7, pp. 103-116.
[15] Directive 2005/29/EC of the European Parliament and of the Council of 11 May 2005 concerning unfair business-to-consumer commercial
practices in the internal market and amending Council Directive 84/450/EEC, Directives 97/7/EC, 98/27/EC and 2002/65/EC of the
European Parliament and of the Council and Regulation (EC) No 2006/2004 of the European Parliament and of the Council, (‘Unfair
Commercial Practices Directive’), Official Journal of the European Union L 149/22 of 11.06.2005.
[16] Directive 2011/83/EU of the European Parliament and of the Council of 25 October 2011 on consumer rights, amending Council Directive
93/13/EEC and Directive 1999/44/EC of the European Parliament and of the Council and repealing Council Directive 85/577/EEC and
Directive 97/7/EC of the European Parliament and of the Council, OJ L 304, 22.11.2011.
[17] Ekanayake, N. K., Miyuranga, R., Karunarathna, H. M., 2020. What is Cybersecurity: The Reality of Modern Treats,
https://www.researchgate.net/publication/338385940_What_is_Cybersecurity_The_Reality_of_Modern_Threats [retrieved: 21.04.2021].
[18] European Parliament resolution of 16 February 2017 with recommendations to the Commission on Civil Law Rules on Robotics,
https://www.europarl.europa.eu/doceo/document/TA-8-2017-0051_EN.html [retrieved: 05.05.2021].
[19] Follow the money. Cyberthreat intelligence for Banking and Financial Services. 2019: pp. 17-26
[20] Frańczuk, M., Gałązka, K., 2014. Theory of Finance, Financial Market, in: A. Paździor (ed.), Finanse. Functioning, institutions and
instruments of the financial market, public finance of enterprises and households, Lublin.
 Krystyna Nizioł et al. / Procedia Computer Science 192 (2021) 4103–4111 4111
Krystyna Nizioł / Procedia Computer Science 00 (2021) 000–000 9

[21] Harasim, J., Mitręga-Niestrój, K., 2018. FinTech – definitional dilemmas and drivers of growth. Research Papers of Wrocław University of
Economics 531, pp. 169-179.
[22] Kabza, M., 2017. Financial services consumer protection FinTech, in: L. Gąsiorkiewicz, J. Monkiewicz (ed.), Challenges of modern
financial markets, Warsaw, pp. 97-117.
[23] Kosikowski, C.,2010. European Union law in the system of Polish financial law. Temida 2 Publishing House.
[24] Kuliczkowska, A., 2017. The issues of regulating the legal status of autonomous vehicles, Market - Society - Culture. Special issue 2 (26),
pp. 180-185.
[25] Kuźmicka-Sulikowska, J., 2020. New challenges to tort liability provided for in Polish law - selected remarks in connection with the
functioning of the so-called autonomous vehicles, Wrocław-Lviv Legal Papers 11, pp. 169-195.
[26] Lisowski, J., Osak, M., Łyskawa, K., 2016. Liquidation fee in life insurance with an insurance capital fund - economic and regulatory
aspects. The international context, Poznań.
[27] Łańcucki, J., 2018. Client on the digital insurance market, Insurance 2, pp. 3-14.
[28] Nizioł, K., 2017. Cyber security of online transactions and payments by underage consumers, in: M. Górka (ed.), Cyber security for
children and adolescents. The real and virtual problem of security policy, Difin Publishing House.
[29] Nizioł, K., 2019. Misselling Financial Services. Legal and economic problems and conditions, Szczecin.
[30] Nizioł, K., 2018. Protection of competition in the financial market - selected aspects, in: M. Królikowska-Olczak (ed.), Infrastructure
sectors - legal issues, Series: Legal Monographs. C.H. Beck Publishing House.
[31] Pietruch-Reizes, D., 2020. Transfer of Scientific Knowledge. The context of artificial intelligence, the Internet of Things and robots, in: D.
W. Babik, Pietruch-Reizes (eds.), Information-knowledge-innovations, Kraków, pp. 43-67.
[32] Proposal for a Regulation of the European Parliament and of the Council on a digital single market (Digital Services Act) and amending
Directive 2000/31 / EC (Text with EEA relevance), SEC (2020) 432 final, WD (2020) 348 final, https: / /eur-lex.europa.eu/legal-
content/PL/TXT/PDF/?uri=CELEX:52020PC0825 [retrieved: 03.05.2021].
[33] Recommendation D on the management of information technology and ICT environment security in banks, 2013. Polish Financial
Supervision Authority, https://www.knf.gov.pl/knf/pl/komponenty/img/Rekomendacja_D_8_01_13_uchwala_7_33016.pdf [retrieved:
21.04.2021], pp. 4-60.
[34] Reimagining customer privacy for the digital age Going beyond compliance in financial services, Deloitte
Insights,https://www2.deloitte.com/content/dam/Deloitte/br/Documents/financial-services/Deloitte-reimagining-consumer-privacy-for-
digital-age.pdf [retrieved: 03.05.2021].
[35] Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for
Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013
(Cybersecurity Act), Official Journal of the European Union L of 2019, no. 151/15 with amendments.
[36] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to
the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (General Data Protection
Regulation) , Official Journal of the European Union L 119/1 of 4.5.2016.
[37] Rojszczak, M., 2020. Artificial intelligence in financial innovations - legal and regulatory aspects. Online Antimonopoly and Regulatory
Quarterly 2 (9), pp. 61-77.
[38] Różanowski, K., 2007. Artificial intelligence: development, opportunities and threats. Scientific Papers of the Warsaw School of
Information Technology 2, pp. 109-135.
[39] Rutkowska-Tomaszewska, E., 2014. Practices violating the collective interests of consumers on the financial services market with
particular focus to the banking services market, on the example of the most recent decisions of the President of UOKiK (Office for
Competition and Consumer Protection), Internet Antimonopoly and Regulatory Quarterly 3 (5), pp. 67-94
[40] Security Branch Notification Laws, National Conference of State Legislatures, https://www.ncsl.org/research/telecommunications-and-
information-technology/security-breach-notification-laws.aspx [retrieved: 03.05.2021].
[41] Selinger, E., Polontesky, J., Tene, O. (eds.), 2018. The Cambridge Handbook of Consumer Privacy, Cambridge.
[42] Stylec-Szromek, P., 2018. Artificial intelligence - law, responsibility, ethics, Scientific Papers of the Silesian University of Technology.
Series: Organization and Management 123, pp. 501-509.
[43] Taylor, M., 2015. Competition Law in High Technology. Industries Insights for Australia, Sydney.
[44] Urbanik, G., 2019. Liability for damages caused by an autonomous vehicle in the context of Art. 446 kc. Studies in Law: Research Papers 2
(25), pp. 83-95.