The Dutch banks ING and Rabobank are taking their legal responsibility to protect customer information too lightly, according to a senior EU official.

The European Union’s data protection regulator Peter Hustinx made the comment in an interview with the Financieele Dagblad on Tuesday.

Hustinx was reacting to plans, since withdrawn, by ING to sell on customer information to companies which could then direct their advertising more accurately.

Rabobank also has plans to analyse payment data in more depth but says it will not involve third parties.

Permission

Companies and organisations are only allowed to use customer data when specific and clear permission has been given, but banks are not taking this seriously, Hustinx says.

He quotes the example of BNP Paribas in Belgium which has altered its general terms and conditions so that when customers agree, they give permission for their information to be sold on.

This is ‘unfair’, says Hustinx, and he wants to know ‘what they do without permission and what they find necessary to put in a contract for an ordinary bank account’.

He warns banks that regulations are likely to become tougher. New privacy rules have already been agreed by the European parliament and these are now awaiting agreement from European finance ministers.