ING Bank N.V. – Court Ruling (Netherlands, 2020)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Dutch court ruled that ING Bank N.V. did not properly notify a customer about reporting their unpaid balance to a credit registry. This matters because it highlights the importance of clear communication from banks to their customers regarding their financial status.
What happened
ING Bank N.V. failed to notify a customer about reporting their outstanding credit limit to a credit registry.
Who was affected
The customer who had an account with ING Bank N.V. and was unaware of the reporting.
What the authority found
The court found that ING Bank N.V. did not adequately inform the customer, violating the requirement for proper notification under GDPR.
Why this matters
This case emphasizes the need for banks to ensure customers receive timely and clear notifications about their accounts. It serves as a reminder for all companies to communicate effectively with users to avoid similar issues.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
The data subject had a bank account at a Dutch bank, ING Bank N.V. (the controller). The account had a credit limit of €250. The data subject used internet banking to check their account and make transactions. The data subject also downloaded the controller’s mobile app. The website and the mobile app of the controller have an electronic message box that the controller uses to communicate with account holders. The controller sent multiple messages to the electronic message box of the data subject stating that the account exceeded the €250 credit limit. The controller also stated that if the balance is not replenished to a positive amount within the given deadline, the controller was obligated to report the outstanding amount to the Central Credit Registration Office (“Bureau Krediet Registratie – BKR”) in their Central Credit Information System (“Centraal Krediet Informatiesysteem – CKI”) under Article 13 of the Dutch General Regulations CKI (“Algemeen Reglement CKI – AR”). Two months later, on 10 January 2019, the controller reported the outstanding payment to the BKR. The data subject's BKR statement showed a so-called 2-code in the CKI. This special code entailed that the controller demanded payment of balance. On 18 February 2019, the data subject settled the credit limit. The data subject initiated proceedings by application at the District Court Midden-Nederland (“Rechtbank Midden-Nederland”). The data subject requested the court to rule that the controller did not notify the data subject about the the registration at the BKR, as stipulated in the GDPR. He was therefore unable to prevent the registration of his balance deficit in the CKI. The data subject argued it had never seen the messages in the electronic message box as he had not logged in for a while, and he also did not receive push notifications on the app that there were new messages. The data subject argued that the controller should have notified him by different means. The data subject there
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (6)
Other cases involving ING Bank N.V. in NL
Court Ruling
Details
About this data
Cite as: Cookie Fines. ING Bank N.V. - Netherlands (2020). Retrieved from cookiefines.eu
Last updated: