Digital challenger bank Revolut is rolling out a series of new data practices that every customer is opted into by default.
The company said that user data will be shared by default, instead of expressly asking users for consent prior to sharing. If users do not want to have to have their data shared, they need to opt out. When asked by Siliconrepublic.com, Revolut declined to comment on why users are automatically opted into these measures.
To opt out of having information shared for targeted marketing purposes, users have to go to the settings button in the top-right corner of the dashboard tab in the app. From there, users can click the ‘privacy’ option under the security sub-heading and toggle the opt-out button there.
If users do not want their information shared with credit bureaus, however, the process is a little more complicated. Customers need to go to the chat button, also in the top-right of the dashboard tab, and then scroll down to the very bottom and click ‘new chat’.
From there, users will have to write in saying that they do not want their data shared with credit bureaus. Upon doing so, users are instructed that the changes will be implemented within 24 hours, and that sending any further response will reverse the opt-out instruction.
When asked why the credit bureau opt-out does not have a toggle option, the company said that since the data is provided to credit agencies once a month, it is better to have a record via email or chat to ensure that the status of consent is as accurate as possible.
Revolut also said that data provided to credit agencies would not impact a user’s credit score, except in the case where a user applies for credit products through the app. The company noted that this is the case with any credit product in general.
The data will be sent, the company said, to credit bureaus to help Revolut form its future lending strategies and develop its own credit products by determining what it thinks its customers can afford.
‘A better user experience’
“Any data we do collect is used in order to provide a better user experience, through targeted products and pricing, and the customer remains in control of their data at all times. As clearly stated in the terms and conditions, Revolut will never sell customer data.”
According to Revolut, data collected and sent to analytics companies is to help provide relevant customer advertisements. The information, which can include names and email addresses, will be hashed. Hashing data is a form of cryptographic security, but it is not regarded as the same as encryption. This data will be collected and sent to advertisers, according to Revolut, to inform customers of products that may benefit them.
The company also said that collecting this data will help it recommend other services to users within the Revolut app. The digital bank also said that it would collect location and usage data in order to let users know if their contacts are nearby or if they have used similar products, in order to help with social interactions.
‘A matter of urgency’
Under GDPR, direct marketing generally requires affirmative consent, such as by specifically opting in, under regulation 13 of the EU ePrivacy Regulations. There are some exceptions, however, such as when a company is marketing its own products or services to its users.
Updated, 1:39pm, 8 November 2019: This article was updated to include comments from the Irish Data Protection Commissioner and information about GDPR.