cross-posted from: https://fedia.io/m/privacy/t/312963
There’s a huge chain of ATMs in Netherlands called Geldmaat which is a partnership of Ing, Rabobank, ABN AMRO, possibly others.
So I have several questions w.r.t privacy:
when you draw money out, do all those banks have access to the transaction?
if you use a Rabobank card, does Ing see the transaction?
if you use a foreign card that is not associated to any of the partnered banks, which bank handles the transaction?
This trend is picking up in other countries as well and it seems no articles that announce these changes are talking about the #privacy consequences.
Geldmaat is an independent entity that is bound by financial privacy and GDPR, so they are not going to share data with their parent companies unless relevant to the transaction or necessary for regulatory compliance.
That said, they are sitting on a huge amount of aggregate transaction data they they are undoubtedly monetizing right now.
In the Netherlands could always take money from other machines. These are called guest transaction and where free but only allowed once a day.
Since the maintenance and upkeep is expensive some banks decided to co-operate the cash machines. Since all transaction go via a central system. Even if the machine is from your own bank. This central system used to be owned by the banks, but this might not be the case any more.
Do to privacy laws banks can not just check into your transactions, if they do and get caught the fines are huge. So I do not think they would risk it.
So iiuc, you’re saying some care is taken to not expose the transaction data to all the banks. Good to hear.
Some clarity is still needed. E.g. I insert a foreign card by bank X, doesn’t one of the co-op banks have to be selected? The ATM itself must have a bank account where the electronic money lands in exchange for the cash being dispensed. I trust some banks more than others & Ing is low on the trust scale, so I’m a bit bothered by the lack of transparency & lack of choice.
The consolidation is in itself a problem. There are only two major ATM providers (geldmaat & euronet) & the smaller independent ATMs are losing ground. This means consumers only have two practical choices for handles their transaction & in neither case do you know which bank you’re trusting with the data.
To be honest, I’d have much more privacy-concerns when using an ATM from a small independent company than one from Geldmaat…
There are privacy risks either way.
Big banks are obligated to look for Americans using small banks (which report less) & share that data internationally (FATCA). Big banks are fast to sign up for all the data sharing agreements whereas small banks tend to be less aggressive about info sharing. Big banks have the resources to hire data scientists, lawyers, and look for legal loopholes before deliberately oversharing your data.
Small operations can’t afford to invest in exploiting your data for profit. But they have less to spend on security so they are more likely to accidentally leak your data (e.g. hacker exfiltration).
But then small ATMs have other weird risks:
https://slrpnk.net/post/2479741
So it’s not really clear-cut.