We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
TSB Android App uses external trackers
Options

clanlaw
Posts: 7 Forumite
I run an ad blocker on my home network and it seems that the TSB Android banking app requires access to two external sites that are normally used for various devious tracking/logging purposes, namely
tags.tiqcdn.com and csi.gstatic.com. With access to either of these blocked the app will not run.
I would have thought that accessing sites like this, which I believe are US based, from the banking app, would require my permission under the GDPR. Any comments anyone?
I would have thought that accessing sites like this, which I believe are US based, from the banking app, would require my permission under the GDPR. Any comments anyone?
0
Comments
-
You would agree to it when downloading and installing the app0
-
Depends on the usage. For example csi.gstatic.com may be used to display google maps (perhaps to show you nearby branches) and tealium tag management (tags.tiqcdn.com) can be used for live chat. It's not good to make the whole app fail if those domains can't be reached.0
-
I would have thought that accessing sites like this, which I believe are US based, from the banking app, would require my permission under the GDPR. Any comments anyone?
It's made (fairly) clear in their privacy policy, which looks ok from a GDPR point of view to me. It says what they do with the information - although it's not the most clear explanation that i've seen, it says they collect information so that you can see 'relevant' adverts on other sites - and i'm guessing you've consented to it at some point when you downloaded the app. Personally i'd prefer my bank didn't try to use me to target adverts, but that's a separate issue...
The privacy policy says that you can object by contacting the "Data Rights Team" so I guess you could try that, although if they can't respond to a complaint in two months I doubt they're responding to much else either.0 -
I work for a company that helps mobile developers integrate GDPR compliance into their apps.
It could be the case that contacting third-party servers is a violation of GDPR here, but only if the app is passing personally identifiable information to those servers. Now, this doesn't have to be stuff like email address or username. Even if they are passing GPS coordinates, or the identifier of the device in order to show ads, etc, that's personally identifiable data for which they do need to request your permission to collect and pass on.
However, if they aren't sending any personally identifiable information to those servers - such as may be the case if they are using those services for error monitoring or performance monitoring or some other way, then no, they don't need to have your consent to do so.
Also note that GDPR doesn't allow for your consent to be automatically bundled into their EULA or terms of use or privacy policy or anything like that - if you didn't explicitly give consent to a piece of data being collected, they don't have that consent, as far as GDPR is concerned.
Andrew0 -
I work for a company that helps mobile developers integrate GDPR compliance into their apps.
It could be the case that contacting third-party servers is a violation of GDPR here, but only if the app is passing personally identifiable information to those servers. Now, this doesn't have to be stuff like email address or username. Even if they are passing GPS coordinates, or the identifier of the device in order to show ads, etc, that's personally identifiable data for which they do need to request your permission to collect and pass on.
However, if they aren't sending any personally identifiable information to those servers - such as may be the case if they are using those services for error monitoring or performance monitoring or some other way, then no, they don't need to have your consent to do so.
Also note that GDPR doesn't allow for your consent to be automatically bundled into their EULA or terms of use or privacy policy or anything like that - if you didn't explicitly give consent to a piece of data being collected, they don't have that consent, as far as GDPR is concerned.
Andrew
Pretty sure you can't advertise/promote your company in your signature...0 -
Thanks all for the input. I need to do some more research.0
-
It's made (fairly) clear in their privacy policy, which looks ok from a GDPR point of view to me. It says what they do with the information - although it's not the most clear explanation that i've seen, it says they collect information so that you can see 'relevant' adverts on other sites - and i'm guessing you've consented to it at some point when you downloaded the app. Personally i'd prefer my bank didn't try to use me to target adverts, but that's a separate issue...
Thanks @Lomcevak, can you point out where you saw this in the privacy policy? In the T&C when installing the app it says the privacy T&C is at tsb.co.uk/privacy and I can't see any reference to adverts in that document. I can't see any ref to adverts in the app terms either.0 -
I only skimmed it, but e.g. this bit from https://www.tsb.co.uk/privacy/#3_Why_we_use_your_information-1490865537398-contentIf you use our online services, when you are logged in we'll aim to give you a personal service so that you see information relevant to you. This will include details of our products that we think will be of interest to you.
When you log in to other secure websites, you may also see TSB advertisements we think may interest you. You can object to this by contacting our Data Rights Team. This means you'll experience more general webpages. You won't see fewer advertisements, and the pages and ads may be less relevant to you.0 -
@Lomcevak that seems to me to be only talking about serving ads for TSB products, so I don't see why that would need access to the sites mentioned.0
-
@Lomcevak that seems to me to be only talking about serving ads for TSB products, so I don't see why that would need access to the sites mentioned.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply

Categories
- All Categories
- 350.8K Banking & Borrowing
- 253K Reduce Debt & Boost Income
- 453.5K Spending & Discounts
- 243.8K Work, Benefits & Business
- 598.6K Mortgages, Homes & Bills
- 176.8K Life & Family
- 257.1K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards