Can my bank share my transactions — and who else sees them?

Verdict: Only where a law or YOUR consent opens the door

Bank secrecy still exists — with legal doors through it: anti-money-laundering law, tax reporting, and the open-banking access YOU grant apps. Marketing use of your spending is the part you control.

Three doors, three rules. Doors the law opens: anti-money-laundering monitoring (banks must screen transactions and report suspicions — no consent involved), tax reporting to your authorities, court orders. You cannot close these; you can use access rights to see what data exists, though AML suspicion reports themselves are exempt from disclosure. Doors YOU open — open banking: under PSD2 any licensed app you authorise (budgeting tools, accounting software, payment initiators) can read your account data. The consent is yours, is time-limited (re-confirmation cycles), and is revocable both in the app and at your bank — audit the connected-apps list in your banking app; most people find zombie authorisations. A dedicated Financial Data Access framework extending this to insurance and investments is in the works. The marketing door: your bank analysing spending to profile and pitch you runs on consent or legitimate interest — refusable and objectionable like any marketing (Art. 21); “personalised offers” toggles live in your banking-app privacy settings. What banks may never do: sell identifiable transaction data to third parties without a lawful basis. Bonus protection since October 2025: the IBAN-name check verifies recipients on euro transfers — a scam shield, covered in What’s changing.

Verified against the sources above on 18 July 2026. Information, not legal advice.

← Is this allowed?📞 Your data protection authority