Bank – €100 Fine (Austria, 2020)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
An Austrian bank was fined for copying a customer's ID when they exchanged a small amount of currency. The bank claimed it was for money laundering prevention, but the law only requires this for amounts over EUR 1000. This case highlights the importance of knowing when it's necessary to collect personal information.
What happened
A bank employee copied a client's ID for a currency exchange of EUR 100, citing money laundering rules that apply only to larger amounts.
Who was affected
Bank clients exchanging small amounts of currency were affected by unnecessary ID copying.
What the authority found
The Austrian authority fined the bank for not having a valid reason to collect and store the customer's ID, violating GDPR's data minimization and lawful processing principles.
Why this matters
This case reminds businesses to understand the legal thresholds for data collection and to ensure they only gather personal information when truly necessary. It underscores the need for clear policies on when and why personal data is collected.
GDPR Articles Cited
A bank employee made a copy of the identity card of a bank client who wanted to exchange EUR 100 in foreign currency and justified this with money laundering charges. However, these only apply to a sum of EUR 1000 and above.
Related Enforcement Actions (1)
Other enforcement actions involving Bank in AT
Details
Fine Date
5 August 2020
Authority
Datenschutzbehörde
Fine Amount
€100
Enforcement Tracker ID
ETid-372
About this data
Cite as: Cookie Fines. Bank - Austria (2020). Retrieved from cookiefines.eu
Last updated: