Barclays is to make customer data available for commercial purposes for the first time, in changes to its customer agreements that will also see the firm begin tracking mobile devices in order to prevent card fraud.
As part of the Retail Customer Agreement rules, due to come into play in October this year, millions of the bank’s customers will have their purchasing information offered to third party firms. The bank told customers that it will “use information about the transactions on your account” with a view to increasing its understanding of services and products that customers may wish to use. Although Barclays has used customer data internally in the past, for the first time data will also be used to produce reports that are then shared with third parties including other companies and government departments.
The bank claims that only anonymised data will be supplied, providing information such as what has been purchased, or where a purchase was made, rather than any individual, personal information. “This data is numerical and not personal, and you will never be identifiable on the basis of it,” the customer agreement states.
According to Barclays customers will be unable to opt out of the plans, for which it says has received a green light from the regulators.
"We only use information in a numerical, anonymised and aggregated way as is standard practice at many companies,” a spokesperson told ComputerworldUK. “It is not about providing information for sales or marketing use and does not include any personal data.”
“This is all in accordance with industry guidance from the Information Commissioner’s Office and the law.”
Another of the changes highlighted in the customer agreement is the gathering of location information in order to improve fraud detection. This is enabled by ‘pinging’ a customer’s mobile phone to detect which country a customer is in, providing another layer of defence against the fraudulent use of a credit or debit card in a foreign country. The Barclays spokesperson stated that such data will not be used any circumstances other than fraud prevention, and customers will be able to opt out of the service should they wish.
In a statement to ComputerworldUK, Jim Killock of the Open Rights Group contested Barclays’ decision to offer sell data to third parties.
"Users need control of their data. Barclays should be asking people to opt in, rather than opt out, of data collection,” Killock said. "Barclays’ privacy changes are just one more reason why new strong data protection needs to be implemented in Europe.”
Killock also suggested that Barclays’ plans show that more needs to be done to protect customers in the development of the draft EU Data Protection Regulation, which has faced "immense lobbying", by giving customers more power over the use of their own data.
"As Barclays has been part of the massive lobby effort tabling 4,000 amendments to water the EU regulation down, MEPs should trust Barclays’ motives to change the law even less now they can see what the bank thinks meaningful consent and control really means for its customers," he said.