Management at Bitvavo had access to customer data for years
In the media image: Viktor Forgacs on Unsplash
Bitvavo managers had access to customer data for years, claiming it was needed to register new customers in the past. In newspaper ‘Financieele Dagblad’, Gerrit-Jan Zwenne, Professor of Law and Digital Technologies, calls this privilege ‘a risky and therefore problematic decision.’
Until the spring of 2024, managers and owners at crypto platform Bitvavo could access their customers' personal data and accounts. This is remarkable since according to privacy regulations, access to this data is only reserved for a small group of employees, such as the anti-money laundering department and customer services. According to several experts, it is unusual for the company management to have access to customer data. Bitvavo says that its board members were able to do so because they had initially helped to register new customers.
Professor Zwenne says that this approach creates unnecessary security risks. ‘Privacy law stipulates that access to customer data is limited to those who actually need the data for the tasks assigned to them. Given the company's size and growth, it might have been useful to grant management all kinds of access rights, but that is at odds with privacy law. It was a risky and therefore problematic choice.'
More information?
Read the full FD article (€, in Dutch)