The intrusion of banks into privacy worries

Institutions are demanding more and more personal data from their customers. Some have seized the CNIL.

At 53, including twenty-two as a customer of his Savings Bank Rouvroy, a small town of 9,000 inhabitants of the Pas-de-Calais, Janine M. does not return. She has just received, with her statement of account, a comminatory letter by which her banker enjoins her to provide, by April 15, the proof of her identity, the details of her profession and her income, her last payslips, his tax notice.

“Even so,” she says, shocked, ” they know me, I’ve had my savings account since 1988, a Livret A since birth, and my husband and I are good clients.” It has always been paid, we have always paid the house, it is indiscreet, especially since we did not apply for a loan, nothing, I do not intend to answer. ” Like Janine M., tens of thousands of clients of French banks are currently receiving strange mail, which they welcome with the same mixed feelings of vexation and indignation.

In fact, faced with strengthened rules and laws in the fight against money laundering and the financing of terrorism and the obligation to know their customers, financial institutions (Savings Banks, Credit Agricole, BNP Paribas, etc.) have, for several weeks, launched a vast operation to collect personal data.

This approach, unprecedented, would have remained confidential if the banks had limited their scope of the investigation to their new customers, for which the verification of identity would not have been carried out or would be incomplete. And if, above all, they had used methods so different from one institution to another to meet regulatory obligations that are strictly identical.

“Some banks stick to the demand for ID, proof of residence and economic activity, which is legal if they do not have these documents, but others require very specific information about patrimony of their clients, their families, without informing them of what is actually obligatory, or if they incur sanctions if they do not provide the information requested, ” observes Isabelle Faujour, Assistant Legal Director at UFC- What to choose.

“Illegal” approach

For Ms. Faujour, the many emails that reach the UFC- Que Choisir, via its regional branches, suggest that “there is a real problem” and that “vigilance is required” . Especially since some banks ostensibly practice the mixture of genres, taking advantage of a regulatory approach to collect commercial information and feed their files.

This is the case of the Savings Bank of Ile-de-France, which, on the same document entitled “Banking standards on the knowledge of the customer”, asks – in addition to the identity document (national card identity, passport or residence permit) and proof of residence (of less than three months) and income – the family situation of his clients, their precise profession, their number of dependent children with their names and dates birth.

As an incentive to respond, and at the risk of increasing confusion, the establishment attached to its application a participation in a “draw to win five gourmet stays” in a castle: “Who has not dreamed of leading the castle life one day? ” says the advertising insert visible on the letter.

Calling this approach intrusive and, in some cases, illegal, some consumer associations such as the French Association of Bank Users (AFUB) – one of the most virulent in terms of bank abuse – are already threatening ‘action against ‘ abusive banking controls’. They wonder about the use that will be made of the data thus collected, fearing that they do not lead to bad customers. On this point, the law is clear: the data are subject to banking secrecy and can not be kept beyond five years after the closure of an account. However, again, some clauses on the recent letters of the banks call, as this mention, written in small characters, the Savings Bank of Ile-de-France: “Unless you object, our service providers may be driven to treat this information for our exclusive benefit in the context of commercial operations. ” Or this other Crédit Agricole Val-de-France: “You expressly authorize to share the data concerning you with any entity of the group (…) and with any third party (…) for the execution of work entrusted to service providers. ”

So, too curious, the French banks? The National Commission for Informatics and Liberties (CNIL) indicated, Tuesday, March 16, have already received about twenty complaints from individuals about these banking controls.