Nether­lands: per­so­na­li­zed adver­ti­sing to bank customers?

The Dut­ch data pro­tec­tion super­vi­so­ry aut­ho­ri­ty has appar­ent­ly writ­ten to all Dut­ch banks asking them to take a clo­ser look at their direct mar­ke­ting. This was trig­ge­red by the announ­ce­ment by a Dut­ch bank that it would per­so­na­li­ze adver­ti­sing to its custo­mers based on their pay­ment beha­vi­or. In the view of the super­vi­so­ry aut­ho­ri­ty, eva­lua­ting tran­sac­tion data to per­so­na­li­ze adver­ti­sing would not be com­pa­ti­ble with the pur­po­se of obtai­ning this data. It was appar­ent­ly taken into account that a bank account is a neces­si­ty of today’s life, which is why an account does not allow the con­clu­si­on that the hol­der is inte­re­sted in finan­cial pro­ducts, and that tran­sac­tion data is sen­si­ti­ve; con­se­quent­ly, per­so­na­li­zed adver­ti­sing does not meet the expec­ta­ti­ons of the bank customer.

Howe­ver, it remai­ned unclear whe­ther this also app­lies if the bank express­ly sta­tes – in a data pri­va­cy state­ment – that tran­sac­tion data will be used for mar­ke­ting pur­po­ses. For more infor­ma­ti­on, see here.