Dutch Rail (NS) has invaded the privacy of owners of the public transport smart payment card by using their personal information for marketing purposes without permission, privacy watchdog CBP said on Tuesday.

Even holders of the ‘anonymous’ smart card, which does not contain personal information or carry a photo, have been the victims, the CBP said. After activating their card on the NS website, their email addresses were used for marketing campaigns.
The privacy watchdog says personal information may be used under certain conditions but the NS has not kept to any of these.
Collecting information
One of the conditions says the NS is not allowed to build up a picture of who travels where and when, but it has been collecting this information, the watchdog said.
The NS will not be fined or punished because it has taken steps to redress the situation. The email addresses of ‘anonymous’ card holders have been destroyed, and they will in future be asked if they mind having their email address used for mailings.
However, there is no mention of what is being done about personalised smart cards or the collection of travel behaviour information.
Do you use a smart card to pay for your train tickets? Have your say using the comment form below.