Deutsche Kreditbank
GDPR enforcement action by Data Protection Authority of Berlin on 2023-05-31.
Case details
- Authority: Data Protection Authority of Berlin
- Date: 2023-05-31
- Controller / Processor: Deutsche Kreditbank
- Sector: Finance, Insurance and Consulting
- Quoted Articles: Art. 5 (1) a) GDPR, Art. 15 (1) h) GDPR, Art. 22 (3) GDPR
- Type of violation: Insufficient fulfilment of data subjects' rights
Summary
The DPA of Berlin has imposed a fine of EUR 300,000 on Deutsche Kreditbank. A customer had filed a complaint with the DPA. The customer had submitted an application for a credit card to the bank, which was rejected in the course of an automated decision, despite the customer's good credit history and high income. The customer then requested an explanation of the reasons for the rejection of the application and the basis on which the automated decision was made. However, the controller refused to provide this information, which also made it difficult for the customer to appeal the decision. The DPA found that the controller violated its obligation to transparently inform the data subject about the decision upon request.