Revolut is a UK-based fintech company that offers current accounts to customers through its mobile app, as an alternative to traditional banks. Customers can use prepaid debit cards, free currency exchange and transfer abroad, peer to peer payments, and access to cryptocurrencies.
There has been a lot of hype and controversies around the service now reportedly used by some 4.5 million people – and its business model revolves around free current accounts that allow exchanging 24 currencies without paying any fees up to a limited amount, and also the ability to withdraw a limited monthly amount from ATMs.
As for those who needed more than those limits – the company has a subscription tier that includes a number of other advantages.
But now, privacy alarm bells are ringing as the company announced a new privacy policy that involves sharing customer data with “advertising and analytical platforms, for marketing purposes.”
This announcement was made in the company’s updated privacy policy, and it’s an opt-out feature – in other words, only users who explicitly request to be excluded from the scheme will be.
Revolut’s email to users about the new update was as followers:
“We’d like to let you know about some updates we’re making to our privacy policy and cookies policy. If you have any questions, please don’t hesitate to reach out to our support team through the in-app chat.
We’re updating our privacy policy to include information about how your personal data is shared with:
(i) credit bureaus, to help us better assess your financial circumstances; and
(ii) advertising and analytical platforms, for marketing purposes,
and to explain how you can opt out of sharing this data at anytime if you want to. The updated privacy policy can be found here.
We’re also updating our cookies policy to set out more detail about what cookies we use and to make it easier for you to manage your cookie preferences or opt out if you want to. The updated cookies policy can be found here.
These changes will go live in 1 week, on the 5th November 2019.
Have a great day.
Team Revolut”
After receiving the news, some users told Reclaim The Net that they’ve asked asked the company to provide them with any personal data Revolut might have shared with ad networks – something residents in EU member-states are entitled to according to the data protection regulation known as the GDPR.
Revolut must respond to any such request within 30 days, or run the risk of being investigated for GDPR violations.
Further, Revolut’s new changes are being brought in under assumed consent. The company doesn’t give users a way to opt-in to sharing their data for marketing purposes – it simply tells users that they’ll have to opt-out if they don’t like it.
Revolut say that in order to opt-out of the new policy, users will have to get in touch with them. “You can opt out of this by using the help service through the Revolut app or by emailing our Data Protection Officer at the address given above,” the policy says.
This new assumed consent policy is not the first time Revolut has faced controversy. Last year the company ran an ad campaign that was seen as “single-shaming” – it had to do with the number of people who ordered a takeaway meal for one on Valentine’s Day.
Other than being “tone deaf,” the criticism of the ads had to do with the company possibly abusing private data and private financial information in order to come up with the figures giving it precise insight into customer behavior.
Last spring, Revolut said there was, in fact, no data – that the figures were “fictitious.” In light of its now official willingness to play with third parties and customer data, that explanation may seem suspect.