M&S at risk of breaking data law
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.MARKS and Spencer may be breaking the law over the way it shares personal information about its cardholders.
A spokeswoman for M&S said: 'We believe we are operating within the law, but if we are advised that we are not then we will change our practices.'
The Independent revealed last week that the stores group had declined to be bound by the new Code of Banking Practice. The sole reason given was that it disagreed with the code's data protection provisions.
M&S was invited to come under the code because of its in-house store card and its financial services. These include unit trusts and are being extended to life insurance and pensions.
The new code says: 'Banks and building societies will observe a strict duty of confidentiality about their customers' (and former customers') affairs and will not disclose details of customers' accounts or their names and addresses to any third party, including other companies in the same group.' The only exceptions are if there is a requirement to disclose, or if the customer agrees.
The M&S spokeswoman pointed out that applicants for the group's store card were told: 'We share information about customers' accounts with other lenders through credit reference agencies . . . Please remember that we never make your name and address available to others for mailing and marketing purposes, other than to those approved organisations providing goods or services on our behalf. Naturally, from time to time we will send you information about M&S and M&S Financial Services products or services that we think you may find of interest.'
Barry Hyman, director of communications at M&S, said the company did not consider this unacceptable, as cardholders would expect to receive information about M&S even though it was a different legal entity. That was why the group had not signed up to the code.
Applicants who do not wish to receive such information can tick a box. No such option is offered to those who do not want M&S to share information with credit reference agencies.
This directly contravenes a paper published last month by the Data Protection Registrar, which declares: 'In general, if a financial institution gives an individual notice of what it intends to do with personal data about that person, and s/he does not respond, the financial institution would not be entitled to assume that s/he had impliedly consented to the use of the information.'
M&S is discussing the issue with the Registrar and other companies and says it will go along with the general view.
John Lamidey, the assistant Registrar specialising in financial services, said: 'I am grateful to the Independent for pointing out Marks and Spencer's view. M&S may not be complying with the Registrar's understanding of the law. That remains to be tested in the courts.'
Mr Hyman said: 'We would never knowingly break the law.'
(Photograph omitted)
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments