Online banks sloppy with privacy

When the Consumers’ Association (Consumentenbond) conducted research on the online privacy of customers of banks in the Netherlands, the findings exposed that many new, online-only banks are less careful with the privacy of their customers than banks that have been established longer. The Association used the Privacy Meter, which shows the extent to which companies respect European privacy law (GDPR) and whether or not they unnecessarily share data with third parties. The Meter, launched in early 2020, makes it easier for customers to choose a bank that handle data properly, by allowing them to see whether these banks comply with the privacy rules.

In its study, the Consumers’ Association included thirteen banks in the Netherlands. The findings revealed that four new banks, Revolut, Bunq, N26, and Openbank – the Europe-wide digital bank of the Spanish Santander Group -, scored moderately to poorly. According to the study, most of the problems were found at Revolut; it was revealed that the bank shares the personal data of its customers (including bank app users) such as email addresses and telephone numbers with the advertising and social networking giant Facebook. The Revolut app also appears to send encrypted data to marketing agencies. Moreover, it appears that Revolut shares this information with marketing agencies without prior warning or consent, while customers who wish to opt out can only do so by e-mail.

Bunq, N26 and Openbank were all found to have shared personal information of their customers with third parties, whose aim is to closely monitor the behaviour of customers. All the new banks placed advertising cookies on their websites and apps while, in the case of Revolut and Bunq, failing to ask users permission. Although N26 and Openbank asked permission from users, this was not done properly.

Other banks, including ASN Bank, Knab, Regiobank and SNS Bank, also appeared to have been placing tracking cookies without properly requesting permission from users. However, after being informed about these violations by the Consumers’ Association, these banks quickly solved their cookie problems. Some banks scored well in the study, including the three major banks involved, ING, Rabobank and ABN Amro.

However, Openbank disagreed with the findings of the investigation, pointing out that the consumer organization made a number of errors. Dutch bank Bunq joined Openbank in challenging the findings of the Consumers’ Association, rejecting any claim that it is sloppy in handling the information of online customers. “We do not sell private information,” Bunq said in response to the Association’s research conclusion. “We only use these marketing agencies to improve the user experience of our account holders.” According to the bank, the data shared is not being used for any other purpose other than that. Of course, there is no way to determine the validity of this claim.

According to Sandra Molenaar, “it is shocking that the new banks are careless with privacy, thus breaking the law. Some have promised to do better. We are going to keep an eye on this. And if these banks do not solve their problems, we will report this to the Dutch Data Protection Authority.”

Written by Seringe Touray