Monzo's Use of Aggregated Data

This issue has come up a couple of times already so I’ve created this dedicated topic to discuss Monzo’s planned use of anonymous, aggregated data for things like recommendations.

Several users have raised questions about what options users should be given to opt out of their use of their data for this purpose & whether or not it should be a privacy concern.

This has also been discussed here.

Kris’ reply below is a response to this question from Marta -

This is a terrible idea. If Monzo started to data mine my spending patterns and habits I would see this as a huge invasion of my privacy.

2 Likes

don’t you think this happens already with every transaction you make in life , unless you use cash for everything ?

8 Likes

Exactly what I was going to mention -

There’s going to be marketing opt out, for people who don’t wish to be targeted in this way. I understand your concerns, but I don’t mind it personally - right now. I’ll see how it works first, but that’s only based on the fact that I trust Monzo already. If some random financial company would like to do that (“give us all of your data and we’ll tell you what’s nice for you”), I’d start kicking and screaming. :smiley: :sweat_smile:

4 Likes

So long as there are opt outs then this is absolutely fine as it gives people a choice.

These opt outs must make it possible for users to stop their data being collated and used as the basis for recommendations for others though. Just allowing someone to opt out from getting recommendations is not enough.

I disagree that we’re looking at a simple algorithm.

For recommendations (using the energy switch example) we’re actually looking at an algorithm and a collection of data mined from many users against which to make comparisons. Without the mined data from other users the output (in this case suggesting someone switch supplier) is not possible.

My concern relates to my spending data being included in these mined datasets which are used as the basis of the recommendations. I should have control as to whether my data is included in these datasets. If I opt to include my data then I see no problem. If I don’t wish for my data to be included then it shouldn’t be.

Your simple direct debit to a company or text alert if your balance is below a threshold are self contained algorithms that do not need to have input from an externally mined dataset to function. The data used is purely related to the account holder and the action output is also purely related to the account holder. Thus it is self contained and therefore substantively different from the energy switch recommendation examples.

The TFL and country examples are again related purely to data held by and about that user. It doesn’t use mined data from other users to make these suggestions.

The issue I take exception to is Monzo using the spending data of their users to form mined datasets which would be required to power these comparisons. This needs to be carefully controlled and account holders should be able to opt out from being involved (both in terms of getting the recommendations but, more importantly, from having their data mined and used in the datasets used to enable these recommendations).

1 Like

If it’s aggregated, anonymised data then I really can’t see the problem? If you don’t trust Monzo to be able to handle that, then how can you trust them to handle the more difficult responsibility of keeping your money secure?

Having said that, if I’m missing anything & this could be an issue, then I’m sure they’ll give you an option to opt out :slight_smile:

1 Like

It happens on some level, yes. For example a bank will monitor transaction data to ensure the correct operation of their systems.

There are limits to this monitoring though, and organisations need to be clear to users how their data will be used. With the upcoming GDPR regulations this notification needs to be even more explicit (assumed consent is no longer acceptable) and the types of data considered either personally identifiable or sensitive is expanded considerably.

I would make the argument that monitoring transaction data to ensure correct operation is substantively different from mining transaction data to build datasets which can then be used as the basis for making recommendations. The former is required for the correct operation of the service, the latter is an added value option.

In my view, the latter needs to be carefully considered and users should be given the ability to decide whether they want their data used in this way or not.

2 Likes

you have the ultimate ability to decide already :slight_smile:

If you don’t see the problem then that’s absolutely fine. Some people are less concerned about their privacy than others.

Anyone who knows anything about data and datasets will tell you that anonymisation is notoriously difficult to get right so that individuals cannot be identified. I am sure that Monzo will throw all they have got at getting it right, so I’m not trying to imply otherwise. However, some will see the risks as too high so as long as an opt out is in place then that’s fine. Those who are more wary can opt out, whilst those more willing to share can benefit from the increased functionality.

In terms of the trust question. Banking regulations are far, far tighter than data protection regulations. Thus, Monzo won’t last very long if they don’t get the basics of the financial side of things right. The banking regulators are notoriously detailed as Monzo will have seen with the hoops they had to jump through to get their banking licenses in place.

Data protection on the other hand is another matter, even with the upcoming changes that GDPR will bring about. Any organisation can register as a data controller. It takes literally minutes. The Information Commissioner (ICO) doesn’t audit in the same way that the FCA do and the ICO usually relies on self-declaration from an organisation or complaints from a data subject in the event of a breach.

4 Likes

Very true :slight_smile:

Don’t get me wrong, I am not against the aim of using a user’s data for their benefit.

In terms of using aggregated data to benefit users, Monzo need to spend time getting this right and need to make sure they’re up front and transparent about what information they include in aggregated datasets and how they use any aggregated datasets. They also need to give users the ability to opt out if they’re uncomfortable with their information being used in this way.

Monzo also need to be transparent about the relationships they have with third parties that are the providers of the products that Monzo recommend. For example, if Monzo receive a commission on each successful conversion, users should be made aware of this so that they can decide whether or not they’re comfortable with the commercial relationships behind the recommendations - much like how Google are required to differentiate paid for results in search results so that users know which links are paid for and which are not.

1 Like

They’ve got this bit covered :slight_smile:

It’s going to be very interesting to see how this plays out. I can see there being large backlash initially, but it will probably fade out. Similar to when Gmail started, and there was outcry about how google were ‘reading’ people’s email to target ads. Now Gmail is the most popular email provider on the planet. Facebook went through a similar trajectory. These things tend to become normalised over time, and people stop being worried about it. Whether that’s a good thing or not is debatable.

Personally, I don’t mind the data analytics or privacy aspects so much as the effect it has on the relationship between you and the service provider - when you use Gmail, Google Docs etc, serving you is not the only aim. Keeping you happy is important, but still secondary to servicing advertisers. Hence why I don’t use Gmail any more. The more crucial the service, the more this matters - for Facebook I don’t mind, but for email or file storage I do. For banking, it really worries me.

We can’t really judge until we see the final product, but I think the assumption that monzo will always do the right thing, or that what they’ve stated about their intentions won’t change is naive. Google were a young, starry eyed startup once too.

4 Likes

Absolutely, and one of Google’s mottos - “don’t be evil”!

How many times have they ended up in hot water for not doing the right thing?

Your point about how crucial the service is, is a good one and very important.

Monzo need to tread carefully here.

2 Likes

Interestingly, Google have announced that they’ll stop doing this & the article :arrow_down: does cite concerns from users as one of the motivations -

so perhaps this issue hasn’t quite gone away - it certainly doesn’t seem to have here! Although it’s difficult to judge whether the opinions that users are sharing here, reflect the majority of Monzo’s user’s - quite a lot of people use Google & have accounts - but that’s up for the Monzo team to decide :sweat_smile:

I’m not sure exactly which posts you’re referring to here (if any) but I’m certainly not making that assumption :slight_smile:

Sorry, don’t mean to sound accusatory. I just mean that quotes from Tom and others saying how they will deal with these issues don’t really allay my concerns. I don’t think they’re being dishonest, just that their positions may change. I worked at Facebook 5 years ago, and saw people go from ‘we should never put ads amongst people’s content’ to ‘auto-playing video ads with sound in the news feed are totally reasonable’. Not through malice - it was just that their perspectives had been shifted.

I wish Monzo wouldn’t go down this path, but given that they’re committed to it, I sincerely hope that they live up to the confidence that you, and many others in this community, show in them.

2 Likes

I’ve just been rewatching Tom’s comments at Monzo’s July Open Office event & I noticed that he mentioned that Monzo is already doing sophisticated behavioural analysis, based on your transaction data & other data from the app, in order to detect fraudulent use of the service.

Obviously that is being compared to an aggregated dataset - to see whether you stand out as someone who’s not using the card ‘normally’ - so I’m not sure there’s a great deal of difference here. Obviously it’s a different application but it sounds like it’s a similar process and one that you can’t opt out of..

I think it’s interesting that people don’t worry about that sort of process - which every bank has put in place - but as soon as advertising gets bought up, it’s suddenly an issue :thinking:

This can be considered in terms of the criticality of the service argument that was made previously:

  • Fraud analysis is undertaken to protect the integrity of the banking platform and to benefit customers (by safeguarding their accounts).
  • Marketing analysis is undertaken to allow Monzo to sell users service, with customer benefit derived from them buying new services from new providers, thus customer benefit is a secondary output and not a primary objective - the primary objective for Monzo is to encourage conversions.

Monzo need to be careful to ensure that in the marketing analysis customers’ interests are being protected - there is a commercial incentive on Monzo to encourage conversions so it becomes very important that they are up front and transparent in their approach and that they give customers options to control how their data is used.

I see not being able to opt out of fraud analysis as different from not being able to opt out of marketing analysis.

  • Fraud analysis is undertaken to protect customers and the banking platform and so I think it is reasonable to not allow customers to opt out of the analysis
  • Marketing analysis is undertaken as a way to drive sales and so I think it is unreasonable to not allow customers to opt out of the analysis.
3 Likes

Apart from “doing the right thing”, Monzo will also have to comply with legislation and regulation. The purposes of data collection need to be made clear to customers, and they need to opt in to these.

Also note that there are many good examples where aggregated data has been successfully de-anonymised to identify individuals, so be careful about how this is done, how it is published, and who has access to it. And, be wary of mining data and somehow changing personal data into sensitive personal data (e.g. guessing someone’s religious beliefs to market something particular to them), as some companies have fallen foul of previously.