Details:
| Summary | The Hungarian DPA (NAIH) has fined Budapest Bank Zrt. EUR 634,000. NAIH reports that the bank used an artificial intelligence-driven software solution to automate the evaluation of customers’ emotional state. The speech evaluation system determined which customers needed to be recalled based on the customer’s mood. The bank operated the application to prevent complaints and to keep customers.
The bank did not inform the data subjects, that the processing of their data serves, among other things, for customer retention purposes, meaning that customers were not in a position to object to the processing. As a result, the rights of the data subjects regarding adequate information and the right to object were not guaranteed. The DPA also found that the bank’s legitimate interest as a legal basis for processing the personal data was not sufficiently substantiated as the bank had not sufficiently examined the interests of the data subjects. The bank thus processed the data without a valid legal basis. |
| Link: | link |
| Related articles: | Art. 5 (1) a), b) GDPR, Art. 6 (1), (4) GDPR, Art. 12 (1) GDPR, Art. 13 GDPR, Art. 14 GDPR, Art. 21 (1), (2) GDPR, Art. 24 (1) GDPR, Art. 25 (1), (2) GDPR |
| Type: | Insufficient legal basis for data processing |
| Fine: | EUR 634,000 |
| Sector | Finance, Insurance and Consulting |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/