The Dutch data protection supervisory authority has apparently written to all Dutch banks asking them to take a closer look at their direct marketing. This was triggered by the announcement by a Dutch bank that it would personalize advertising to its customers based on their payment behavior. In the view of the supervisory authority, evaluating transaction data to personalize advertising would not be compatible with the purpose of obtaining this data. It was apparently taken into account that a bank account is a necessity of today’s life, which is why an account does not allow the conclusion that the holder is interested in financial products, and that transaction data is sensitive; consequently, personalized advertising does not meet the expectations of the bank customer.
However, it remained unclear whether this also applies if the bank expressly states – in a data privacy statement – that transaction data will be used for marketing purposes. For more information, see here.