Lloyds Bank criticised for using anonymised staff bank account data in union pay talks

Lloyds Banking Group is facing scrutiny after its customer insights team analysed the personal bank accounts of over 30,000 employees to assess their financial resilience during pay negotiations. A person familiar with the analysis maintained that the use of anonymised, aggregated data was "fully compliant" and "not unusual." 

The analysis, which compared the spending, savings, and salary increases of the lowest-paid employees with those of customers, was presented during salary talks with UK trade unions. The bank, which employs around 65,000 people, reportedly used the findings to show that employees fared better than the general public during the cost-of-living crisis and, therefore, justified a lower pay increase. 

Although Lloyds stated the data used was anonymous and "fully aggregated," some union officials complained that the exercise was an invasion of staff privacy and argued the bank was using employee loyalty to the bank against them in negotiations. 

The bank proposed a pay increase of £1,200 for 2026 and 2027  for its lowest-paid staff, an offer approved by the recognised Accord and Unite unions. However, the unrecognised union Affinity rejected the offer as unsatisfactory. Affinity general secretary Mark Brown stated the bank "had no legitimate reason accessing staff accounts without permission" and plans to raise the matter with the Information Commissioner's Office (ICO).

Accord's general secretary, Ged Nichols, also defended the bank's actions, stating that the information was "helpful" in understanding how employees were managing the cost-of-living crisis. However, legal director Ravi Naik of law firm AWO suggested that aggregation may not excuse the use of the data, warning that the bank may find it difficult to justify the processing as "necessary" given its apparent service to commercial interests over those of its customers.

Commenting on a related article for BBC News, Jon Baines, senior data protection specialist at Mishcon de Reya, said: "I note that Lloyds insist that they used 'anonymised, aggregated customer data', but presumably someone, or some program, had to access individual account data in the first place in order to create the anonymised, aggregated dataset - otherwise how could that dataset have any meaning or utility?

"If the Information Commissioner does investigate, no doubt he will want to know whether the exercise was done fairly and transparently.

"For instance, were individuals informed in advance that this sort of analysis was being undertaken or would they reasonably expect it might? Were they given the opportunity to object to the use of their account information?"

£ - This article requires a subscription.

A version of this article is available without subscription in BBC News.

Training Announcement: Freevacy offers a range of independent data protection qualifications from IAPP and BCS. Our certified courses are available at foundation and practitioner levels and cover multiple legal jurisdictions, data protection operations management, and the implementation of complex privacy solutions in technical environments. Find out more.