The Information Commissioner’s Office (ICO) has said that our complaint has been passed to its investigation team. The Commissioner also said that members can make individual complaints to the ICO.
Members can complete the online complaints form on the ICO website choosing a ‘data protection complaint’ (not whistleblowing). The link is below:
https://ico.org.uk/make-a-complaint/data-protection-complaints/
You’ll be asked four basic questions before you can make a formal complaint. Answer the questions as follows:
1. What is your complaint about? How an organisation is using personal information.
2. Is your concern about how an organisation has used yours, or another living person’s data? Yes – my data.
3. Have you complained to the organisation directly? Yes
4. What is the outcome of your compliant? I received a response I’m unhappy with and I want to complain to the ICO.
You can then make a formal complaint.
One of the questions says: ‘Give a short summary about what the organisation did that led to this complaint.’.
We suggest members use the following text:
Members
Lloyds accessed my personal current account and analysed my transaction data without my knowledge or approval. I consider that to be a breach of my data protection rights and an invasion of my privacy. There is nothing in the Bank’s privacy notice which allows it to access my personal current account for the reasons it did.
The Bank said the data was aggregated and anonymised, but it had no legitimate reason to access my data. The transaction data in my account are personal, non‑employment based data, the collation of which wasn’t necessary to determine my financial resilience. If the Bank had wanted to know whether I was resilient financially then it could have asked me directly. It didn’t do that. The data it processed served its interests and not mine.
I consider this to be a major breach of the Data Protection Act that needs to be investigated as a matter of priority.
Wife/Partner
I’m not an employee of Lloyds Banking Group but my (insert relation e.g. wife, partner etc.) is. We have a joint personal current account with (insert name of Bank e.g. Halifax).
I understand the Bank’s Customer Insight Team accessed my personal current account to view my transaction data purportedly to determine how financially resilient my (insert relation e.g. wife, partner etc.) was compared to the public. That measure of resilience was then used by Lloyds to justify its pay offer.
Lloyds accessed my personal current account and analysed my transaction data without my knowledge or approval. I consider that to be a breach of my data protection rights and an invasion of my privacy.
The Bank has said the data was aggregated and anonymised, but it had no legitimate reason to access my data. The transaction data in my account is personal to me and the Bank had no legitimate right to access it. Ther fact that my (insert relation e.g. wife, partner etc.) works for the Bank doesn’t give it the right to trawl through my personal current account.
It then asks: ‘Give a timeline of key events related your complaint.”. Members can insert the following text:
Members
‘My trade union, Affinity, found out about what Lloyds Banking Group had done and published a Newsletter alerting members. That was on 11th November 2025. The issue was also covered by several newspapers including the Financial Times, Times, Telegraph, Daily Mail and numerous other newspaper groups. It was also covered by the BBC.’.
Wife/Partner
‘My (insert relation e.g. wife, partner etc.) trade union, Affinity, found out about what Lloyds Banking Group had done and published a Newsletter alerting its members. That was on 11th November 2025. The issue was also covered by several newspapers including the Financial Times, Times, Telegraph, Daily Mail and numerous other newspaper groups. It was also covered by the BBC.’.
The online form then asks what you would like to happen next? Members should insert: ‘I would like the ICO to adjudicate on whether the data trawl carried out by Lloyds Banking Group in November 2025 was lawful under the Data Protection Act.’.
Members and their partners should attach a copy of the letter they sent to Mr. Charlie Nunn.
Finally, you can refer to the Union’s case in the final box asking for any further information. The Union’s advice case reference number is IC‑450949‑V7V5.
We are aware that some members have received responses from Lloyds regarding the data trawling. The Union is putting together responses for members and partners etc. to send to Lloyds and the Financial Ombudsman Service. Those will be going out shortly.