Italy Italy

Ubi Banca spa

100,000 €

GDPR enforcement action by Italian Data Protection Authority (Garante) on 2021-12-16.

Rank · Sector
#88
of 322 in Finance, Insurance and Consulting
Rank · Italy
#73
of 543
Rank · All fines
#466
of 3,042

Case details

Authority
Italian Data Protection Authority (Garante)
Date
2021-12-16
Controller / Processor
Ubi Banca spa
Sector
Finance, Insurance and Consulting
Quoted Articles
Art. 5 (1) a), c) GDPR
Type of violation
Non-compliance with general data processing principles

Summary

The Italian DPA has imposed a fine of EUR 100,000 on Ubi Banca spa (now Intesa Sanpaolo spa). A data subject had filed a complaint with the DPA for receiving a letter from the controller, with the envelope stating "anomalous credit Chieti". However, the letter did not contain payment reminders but only information about the transparency of banking and financial services. For this reason, the DPA found that the controller had violated the principles of lawfulness and transparency as well as the principle of data minimization. After all, the term on the envelope could enable third parties to obtain information about the recipient's financial situation, regardless of the contents in the envelope.

Open original source Links to the regulator's original publication or another source.

Related fines

Italy
Italy
2024-02-08
79,100,000 €
ETid-2306
Enel Energia SpA
Transportation and Energy
Italy
Italy
2026-03-26
31,800,000 €
ETid-3162
Intesa Sanpaolo S.p.A.
Finance, Insurance and Consulting
Italy
Italy
2020-01-15
27,800,000 €
ETid-189
TIM (telecommunications operator)
Media, Telecoms and Broadcasting
Italy
Italy
2022-02-10
20,000,000 €
ETid-1098
Clearview Al Inc.
Industry and Commerce
Italy
Italy
2020-07-13
16,700,000 €
ETid-336
Wind Tre S.p.A.
Media, Telecoms and Broadcasting
Italy
Italy
2024-11-02
15,000,000 €
ETid-2497
OpenAI OpCo LLC
Media, Telecoms and Broadcasting
Back to all fines