
A bank and the visibility of stock trading: which privacy obligations could potentially be at stake?

IT, Privacy & Cybersecurity

12 January 2026

Written by

Natascha van Duuren


Recently, it was reported that some customers of a Dutch bank could see the stock trading activities of their contacts through the bank's app. This raises important questions about privacy and compliance with the General Data Protection Regulation (GDPR). What obligations rest on a data controller such as a bank, and what should other organizations take from this?

Information and Transparency Obligations

The GDPR (Articles 12 to 14) requires organizations to provide data subjects with clear and complete information about the processing of their personal data. In the bank's case, the news report indicates that users were not always properly informed that their trading activities could be visible to others. This information obligation means that the information must not only be available somewhere, but also understandable and easily accessible to users. Users must know which data is shared, with whom, and for what purpose, before the sharing takes place.

Consent: Freely Given, Specific, and Informed

Another important GDPR requirement is that consent for sharing personal data must be freely given, specific, informed, and unambiguous (Article 4(11) and Article 7 GDPR). In the bank's case, the option to share trading activities was enabled by default, so users never actively gave their consent. That does not meet the GDPR standard: consent requires a clear affirmative act, and silence, pre-ticked boxes or inactivity do not constitute consent (Recital 32). It is not sufficient to offer an "opt-out"; where consent is the legal basis, there must be an active and informed "opt-in."

Data Minimization

The GDPR stipulates that organizations may not process more personal data than is necessary for the purpose for which it was collected (Article 5(1)(c)). In the bank's case, it is questionable whether sharing trading activities with contacts is necessary for using the app at all. The principle of data protection by default (Article 25(2)) reinforces this: by default, only the personal data necessary for a specific purpose may be processed, so a sharing feature that is switched on for everyone is difficult to reconcile with it.

Practical Tips for Organizations

  • Clearly and understandably inform users about which data is processed and shared, with whom, and for what purpose.
  • Always request explicit, opt-in consent before sharing personal data with others, set such sharing features to off by default, and ensure that consent can be withdrawn as easily as it was given.
  • Limit the processing of personal data to the minimum necessary for the intended purpose.

Conclusion

The situation at this bank highlights the importance of careful handling of personal data. Transparency, explicit consent, and data minimization are not optional recommendations but legal obligations under the GDPR. By taking these requirements seriously, organizations can maintain customer trust and limit legal risks.

Questions?

For questions, contact Natascha van Duuren, Partner & IT, Privacy & Cybersecurity Lawyer, or one of our other specialists in the IT, Privacy & Cybersecurity team.
