How NatWest’s May 20 2026 Biometric Data Update Affects Online Banking Users
NatWest has announced that, starting on May 20 2026, it will process customers’ biometric data using legitimate interests instead of explicit consent. The bank sent emails to millions of online banking users to explain the change and to reassure them that no action is required. This update is part of the bank’s broader digital‑first strategy and follows recent announcements about branch closures and app enhancements. Understanding the rationale behind the shift helps customers feel confident about their data privacy and account security.
What Is Biometric Data
Biometric data refers to unique physical characteristics such as a face, voice, or fingerprint that the bank uses to verify a user’s identity. When you enable biometric login in the NatWest mobile app or Voice ID for telephone banking, you automatically grant permission for the bank to store and use this information. The official definition includes any method that helps confirm it is really you attempting to access an account. Source 2 provides a detailed explanation of the term.
Why the Change From Consent to Legitimate Interests
Under data‑protection law, legitimate interests allows an organization to process personal data when there is a clear, fair reason that supports an important service. NatWest states that the new legal basis will help keep accounts secure and prevent fraud while maintaining the same level of protection customers expect. The bank emphasizes that this change does not alter the way the app or telephone banking functions; it simply updates the legal justification for using the data. Source 3 confirms the bank’s statement that customers need not take any additional steps.
What Customers Need to Know
Customers will continue to use their biometric login exactly as before, with no changes to the user experience. The bank has made it clear that there is nothing you need to do to prepare for the May 20 update. If you have any concerns, NatWest recommends checking the official notification email or contacting customer support for clarification. The update is designed to be seamless, ensuring that fraud detection remains robust while respecting privacy regulations.
Impact on Account Security and Fraud Prevention
By shifting to legitimate interests, NatWest aims to strengthen its ability to detect suspicious activity in real time. The bank can now apply its own risk assessments without waiting for separate consent each time a transaction is made. This approach supports faster identification of fraudulent attempts, which benefits both the bank and its customers. Maintaining strong security measures is especially important given that more than 10 million users access the mobile app daily, as reported by the bank.
Frequently Asked Questions
Below are common questions customers have about the upcoming change:
- Do I need to re‑enter my biometric data? No, the bank will continue to use the data you already provided.
- Will my account be less secure after the change? No, the bank states that security will remain the same; only the legal basis for processing is updated.
- Can I opt out of biometric authentication? Yes, you can disable biometric login in the app settings at any time.
- Will I receive another notification? NatWest has indicated that the current email is the only formal notice required.
If you have additional concerns, the bank’s customer‑service team is available through the app or via telephone.
Why NatWest is Closing Branches in 2026
NatWest has said it will close many of its physical locations as part of a larger shift toward digital banking. The bank says fewer customers need to visit a teller because most transactions now happen online or through mobile apps. This change is part of a plan that was first mentioned in a May 20 2026 update about biometric data processing.
The main reason for the closures
The bank explains that customer habits have changed dramatically. Online banking and mobile banking usage have grown by double‑digit percentages over the last few years. As a result, NatWest says it can keep services running while reducing the cost of maintaining large numbers of brick‑and‑mortar sites.
Key Details of NatWest’s 20 May 2026 Biometric Data Update
NatWest will switch the legal basis for processing face and voice data from customer consent to legitimate interests on 20 May 2026. This change is described in the bank’s official alert and is intended to provide a clearer framework for using biometric information to prevent fraud. The update is documented in the NatWest May 20 2026 alert, which explains that the shift does not affect how customers interact with the mobile app, online banking, or Telephone Banking.
Legal Basis Change Explained
Under UK data protection law, organisations may rely on either explicit consent or legitimate interests when handling personal data. NatWest states that moving to legitimate interests gives the bank a more consistent way to apply biometric data for security purposes without needing repeated opt‑ins. The bank emphasizes that this adjustment is a procedural refinement, not a new risk, and it will not alter the functional performance of Face ID or Voice ID.
No Immediate Action Required From Customers
The alert makes clear that customers do not need to update account settings, change passwords, or perform any extra steps. To illustrate the unchanged process, the bank lists the following items that will remain the same:
- Face ID and Voice ID will continue to work as normal.
- Payments, card details, PIN access, and account changes will still use biometric approval.
- The method of receiving security codes via email or text will stay unchanged.
Customers are advised to remain vigilant against phishing attempts that may reference the update, but the bank confirms there is no new technical issue or risk associated with the change.
Biometric Features Remain Active
From 20 May 2026, the bank will continue to use facial recognition and voice recognition as part of its fraud prevention toolkit. The shift to legitimate interests simply clarifies the legal justification for this usage. As a result, the overall user experience in the mobile app and online banking interfaces will feel identical to the current experience, with no disruption to day‑to‑day banking activities.
Privacy Rights and Objection Options
Even after the legal basis changes, customers retain full privacy rights under UK law. NatWest confirms that individuals can still object to the processing of their biometric data if they have concerns. The objection process is described in the bank’s privacy documentation, which is accessible through the online banking portal. This ensures that customers can exercise control over how their data is used while still benefiting from enhanced security measures.
Enhanced Fraud Protection Through Legitimate Interests
By adopting legitimate interests as the legal basis, NatWest aims to streamline fraud detection across its services. The bank explains that this approach allows it to apply biometric checks more reliably, reducing the chances of unauthorized access while maintaining a consistent security posture. Consequently, customers can expect stronger protection against fraudulent activity without any additional steps on their part.
Where To Find More Information
For further details, customers can review the full NatWest press release page, which provides official statements and FAQs about the update. Additional guidance is available in the bank’s updated privacy notice, linked directly from the mobile app settings.
Comments 0