The second-largest bank in Canada, TD Canada Trust, can apparently access information on all of the online activities of its customers. This includes activities that have absolutely nothing to do with banking. Many bank customers are now outraged over the lack of privacy that they have been provided.
In the 66-page TD Visa cardholder agreement, the bank outlines its ability to obtain some highly questionable information. This information includes details regarding the web browsing activities of users, as well as their preferences and online activities. The abilities were slipped into the fine print, which obviously goes unread by most customers.
Meanwhile the bank has been very slow at responding to complaints. Some customers have demanded that the bank offer them “personalized policy agreements” that would remove some of the privacy concerns. The banks have often told customers that they would eliminate the offending policies, but it turns out that they are still present in the agreements.
TD issued a statement that asserted the purpose of the agreement was only to allow the bank to obtain information regarding the usage of TD websites and TD mobile apps.
The statement said, “TD has never, at any time, collected general information regarding details about customers' browsing activity, their browser or mobile device.”
While the bank has already removed the browsing clause from the cardholder agreement that is available online, it remains in the printed version that is mailed out to customers. According to TD, the printed agreement will be changed the next time that it needs to be reprinted.
Additionally, the bank has retained the line that enables it to monitor the “preferences and activities” of their customers. TD says that it uses this information for banking purposes, such as managing products and assessing risk.
Needless to say, privacy experts are very concerned. They say that these kind of agreements open the door for more sharing than is intended. Also, the problem could easily spread beyond banks.
The president of the Privacy and Access Council of Canada Sharon Polsky said, “The waters are very murky. People do not realize very often that their information is being disclosed."
While Canadian law requires consent before anyone can access the online activities of someone else, TD Bank has found a sneaky way around this. Most people don’t realize that by signing up for a credit card or downloading a banking app, they are giving the bank such permission.
Polsky added, "It has a creepy factor. They can create a very, very detailed profile of each of us that shows what we do, where we go and what we think.”
Making matters worse is that it is still unclear how exactly the information is used by the bank. While some broad and generic uses have been provided, no actual applications have been revealed at this time.
"A lot of people don't realize just how invasive organizations are already with our personal information. So, when you see a clause that says the organization will gather whatever it wishes about you and use it however it wishes. That's when you start wondering why? For whose benefit? Certainly not the consumer," Polsky said.
While banks certainly need to collect some basic information about the online habits of their customers, most privacy experts believe that TD Bank has gone too far. Being able to access such personal and private information is just asking for trouble. There’s a fine line when it comes to privacy concerns, and TD has certainly crossed it.