I recently received a circular to the following effect from my bank in the UK.
While the main message of the circular was that the bank was now adding a new clause permitting it to make my account data available to overseas regulators, this was the first time I came to know that they already had a clause allowing them to transfer to, store and process my account data in foreign countries, including those countries that did not offer adequate data protection.
From my previous interactions with banks in Europe, I always got the impression that customer data could not be accessed from abroad, let alone be transferred to or stored in foreign countries. When I checked the printed booklet that came with my account opening welcome kit, I couldn’t find any section titled “Transfer of Data Abroad”, though I could find such a clause – and many others missing in the printed booklet – in the online version of the terms and conditions posted on the bank’s website. Hmm.
I’ve now started wondering whatever has happened to European Union banking data protection, which has traditionally been considered very stringent and coming in the way of offshoreability of EU banking applications. It would be interesting to know how many banks in the UK and elsewhere in the European Union have a similar provision in their terms and conditions.