The Netherlands’ data protection authority has granted more than 160 financial institutions a licence to share information about fraudsters to help fight financial crime.
Under a protocol, the financial institutions are not allowed to exchange data large-scale, nor is there a central database or blacklist.
The new arrangement contains rules which banks and insurers must meet to continue swapping information about incidents such as identity fraud or helpdesk fraud (spoofing).
“The fight against fraud and tracing perpetrators is, of course, of great importance, said Katja Mur, a board member of the DPA, Autoriteit Persoonsgegevens.
“But keeping and sharing of criminal data must be done with great reluctance and care. We have seen that people ‘on the wrong list’ can end up with terrible consequences.”
She also said banks and insurers can only share data if they have a permit and adhere to the new rules.
“The AP can revoke a permit if it appears that a company does not comply with the protocol,” she added.