Details:
| Summary | The DPA of Lower Saxony has imposed a fine of EUR 900,000 on Hannoversche Volksbank.
The bank had analyzed data from active and former customers without their consent. For this purpose, the bank analyzed digital usage behavior and evaluated, among other things, purchases in app stores, the frequency of use of bank statement printers and the total number of transfers in online banking compared to the use of in-branch services. In addition, the results were cross-checked with a credit agency, where they were further supplemented. The aim was to identify customers with an increased willingness to use digital media and to address them more intensively via electronic communication channels for promotional purposes. Most customers were provided with information in advance. However, the DPA found that this did not replace the required consent. In determining the fine, it was taken into account that the bank did not make further use of the results of its evaluations. In addition, the bank cooperated with the DPA during the investigation. |
| Link: | link |
| Related articles: | Art. 6 (1) GDPR |
| Type: | Insufficient legal basis for data processing |
| Fine: | EUR 900,000 |
| Sector | Finance, Insurance and Consulting |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/