Hungary
Budapest Bank Zrt.
GDPR enforcement action by Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) on 2022-02-08.
Case details
- Authority
- Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)
- Date
- 2022-02-08
- Controller / Processor
- Budapest Bank Zrt.
- Sector
- Finance, Insurance and Consulting
- Quoted Articles
- Art. 5 (1) a), b) GDPR, Art. 6 (1), (4) GDPR, Art. 12 (1) GDPR, Art. 13 GDPR, Art. 14 GDPR, Art. 21 (1), (2) GDPR, Art. 24 (1) GDPR, Art. 25 (1), (2) GDPR
- Type of violation
- Insufficient legal basis for data processing
Summary
The Hungarian DPA (NAIH) has fined Budapest Bank Zrt. EUR 634,000. NAIH reports that the bank used an artificial intelligence-driven software solution to automate the evaluation of customers' emotional state. The speech evaluation system determined which customers needed to be recalled based on the customer's mood. The bank operated the application to prevent complaints and to keep customers.
The bank did not inform the data subjects, that the processing of their data serves, among other things, for customer retention purposes, meaning that customers were not in a position to object to the processing. As a result, the rights of the data subjects regarding adequate information and the right to object were not guaranteed.
The DPA also found that the bank's legitimate interest as a legal basis for processing the personal data was not sufficiently substantiated as the bank had not sufficiently examined the interests of the data subjects. The bank thus processed the data without a valid legal basis.
Related fines