ING, big data, privacy and spam

Today many people responded quite negatively to the plans of the Dutch bank ING to market the data of its customers in relation to custom made advertisements on the basis of purchases, salary, subsidies, personal data, etc., etc. Data that banks have though pin transactions and online banking that in 2014 almost everybody does nowadays. Your bank sees every transaction and can interpret this and sell or indirectly offer this data to companies interested in marketing. The alternate is to go back to cash. I don’t think so. Is it a bad idea or a brilliant move by ING?


Commercially it undoubtedly is a brilliant idea. There is potentially a lot of money to be made from this data. “Every customer we spoke to was very enthusiastic”, said an ING employee on the 8 o’clock news. Judging from the reactions today, ING may have been speaking to the wrong customers. Fact is that a bank is ideally positioned information wise to sell this sort of data. And why not? Everybody else is doing it. Through an ex-neighbour I know that a company like (NL incumbent telco) KPN was analysing and selling customer data at least since the 1990’s. Nobody complaint. Nobody new the source of all these irritating calls round dinnertime. Not to speak of the economic model of social media.  So why can’t ING do a Google or Facebook?


Website security

Next to the fact that I do not wish to see any advertisements when banking online, wasn’t this the weakest link in many websites? All the banners and clickable adds that the website owner doesn’t have any control over? The spots in websites that were easily hackable or manipulated? What about the security of your website, ING? Will ING always know who it’s dealing with? Or just go for the easy money? Or that a few just slip through? Damage done, reputation gone. This may become a genuine concern and grow into a headache file.



I’m not even going to go into this. Privacy guard dog CBp will deal with this, I hope at least they are able to show some teeth here. This is not an academic discourse, Mr. Kohnstamm c.s.



Putting all this aside. If through ING I’m sent commercial adds from third parties, it is down right spam (“unrequested electronic communication”). The moment I receive one, I’ll complain to ACM. Unfortunately the attribution of parties like ING in a case like this, is not dealt with in the Telecommunications Act. Is this different under the Privacy Act? Something that truly needs amending.


If presented on ING’s website it is still unrequested. What this proves to me is that the spam article of European Directive 2002/58 needs updating. There are so many unrequested online add forms out there that it is time for this update. When I visit the website of a bank I expect to read about that bank(‘s products) and not on football shoes, airline tickets, etc., just because I bought that item recently. (Just like I do not want to receive an e-mail from a ticket vendor, straight after the sale, after I wasn’t able to fly cheaper than €2.000 that I can fly for €580 to the same destination! What are these guys thinking?)


Big data is the future, but whether a bank should step into the Google and Facebook business? Only if the money they provide is free from now on. That would be a fair trade. Can I sign on now? In all other cases I’d say: don’t do it. My relationship with a bank is build on trust, privacy and security. All three will be violated. Knowing banks in three years time online banking will rise in price if I do not consent, just like with online banking itself.



To me this, again, looks like an idea that is technically possible, potentially makes a lot of money, so let’s do it. All consequences not having been thought through. Conclusion for now: bad idea.


Wout de Natris


Leiderdorp, 10 March 2014


About Wout de Natris

As a consultant I specialise in establishing new and different relationships between industry, governments and law enforcement where internet safety and the fight against cyber crime are concerned. This makes me a bridge builder. Hence the blogs name. In this blog I intend to stress the need for interaction, cooperation and exchange of information in order to change the mentioned relationships. On offer: a comprehensive training on all non-technical aspects of spam enforcement and a cyber awareness presentation for companies and institutions
This entry was posted in Cyber awareness, Hacking, Privacy, spam and tagged , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s