Is assumed consent enough?
When Banks move the 'goal posts'
Is it legal for banks (and other data controllers) to make significant changes to the manner in which they process personal data and not seek a 'positive signifying action' that the data subject consents to such use (changes) of their personal data?
This practice seems to happen all the time, with Egg Bank being the latest to change the way it uses my personal data.
They change the terms and conditions, send an email and then assume that I have consented to the changes. Rather along the lines of, 'we may change our privacy policy from time-to-time; it's up to you to read it and tell us if your not happy'.
What is a 'Linked Supplier' and what do they do with my data for example?
12.4 We may
transfer your Personal Information to a Group company, Linked Supplier
or subcontractor or person acting as our agent in another country so
long as they agree that your Personal Information will receive the same
levels of protection as we are required to give it in the UK. You
consent to having your personal data transferred by us, or others
processing on our behalf or their agents, to regulators, authorities
and law enforcement agencies in other countries (including countries
outside the European Economic Area having less stringent data
protection requirements than those within it) if the disclosure is
required by the laws or regulatory rules of those countries.
The world moves on, I know, and mergers and acquisitions are part of Life, but there is legislation out there and I'm not entirely sure the banks are playing by the rules.
Time to call the Commissioner!
Comments