Big Bank is watching you
ING Bank plans to launch by the end of 2014 go on trial with targeted offers from companies to ING customers based on ING customer profiles. This trial is all about Big Data: huge amounts of data in which all kinds of characteristics and patterns of individuals and groups can be analysed and geoprofiled. Such profiles can then be resold to the highest bidder. However, targeted offers by companies will only occur if the ING customer has given "explicit consent", ING tries to reassure us. However, this is far from reassuring. After all, fundamental principle in privacy law is purpose limitation: data obtained for purpose A may not be used for purpose B (or C to Z). In the banking sector, this purpose limitation requirement is more or less sacrosanct. After all, people need to be confident that their financial transactions are completely safe with their bank and cannot be used or misused for other purposes. ING seems to want to circumvent this purpose limitation by asking ING customers for "permission" for commercial use of their confidential customer data, in exchange for a possible benefit here and there. Such consent is only legally valid if it is freely given (without any pressure, coercion or deception), sufficiently specific and based on complete, objective information. Will this be the case if ING tries to "market" this project? And do these kinds of projects actually suit a bank? A bank is not a shop, is it? How "free" will the consent of ING customers in dire financial straits be? And how complete and objective will the information ING presents to its customers be? Even now, are ING customer profiles being compiled using Big Data? If so, shouldn't consent have been sought for this? After all, financial data can often reveal the most sensitive details about people's private lives. What safeguards does ING employ to prevent customer discrimination? For what further purposes and parties will ING's Big Data become available? The government? Insurance companies? What will all these parties do with that data? Is that actually foreseeable? In other words, doesn't the generic "consent" that ING asks from customers constitute a carte blanche for future data abuse? Until such questions are properly answered, Privacy First advises you not to go along with such practices by ING. And go back to paying in cash instead of digitally. Good for your privacy! J
Update 17 March 2014: ING has decided to drop the controversial trial not to be implemented for the time being. Privacy First welcomes advice on the matter to ING.