Banca popolari di Bari S.p.a. – €10,000 Fine (Italy, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Banca Popolari di Bari was fined for not responding properly to a request from a woman seeking information about her deceased father's bank accounts. The bank failed to provide timely access to the information, which is important for heirs to manage estates. This case highlights the need for banks to handle such requests efficiently.
What happened
Banca Popolari di Bari did not respond properly to a request for access to a deceased person's bank account information.
Who was affected
The woman who was the heir to her deceased father's bank accounts.
What the authority found
The data protection authority found that the bank violated rules by not responding adequately to the heir's access request.
Why this matters
This case underscores the importance of timely responses to data requests, especially for sensitive matters like inheritance. Other banks should ensure they have efficient processes in place for handling such requests.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
On 31 July 2023 a data subject complained to the DPA against a bank - Banca popolari di Bari S.p.a. (‘controller’). The data subject made an access request as an heir to her deceased father. The request was based on Article 15 GDPR and [https://www.garanteprivacy.it/codice Article 2-terdecies of the Italian Data Protection Code] which makes a special reference to heirs who are beneficiaries of life insurance policies. The data subject claimed that despite repeated requests, the bank initially stated there were no accounts in her father's name. Later, the bank acknowledged their existence but failed to provide the requested information. After the Authority intervened, the bank partially responded, offering access to account statements for the last ten years but requiring a formal request under [https://www.bancaditalia.it/compiti/vigilanza/intermediari/Testo-Unico-Bancario.pdf Article 119 of Consolidated Bank Act no. 385/1993]. The complainant remained dissatisfied and insisted on the access to all data related to her father. Following this, the bank finally provided account statements of the deceased person. Nevertheless, the DPA initiated proceedings against the bank for violations of Articles 12(3), 12(4) and 12(5) GDPR related to the action taken on the request of the data subject. In the defense briefs, the bank explained that the failure to timely reply to the initial request of the data subject and to the subsequent reminders was caused by a series of operational misunderstandings. In particular, the data subject mistakenly directed their request to a different e-mail address rather than the one designated for the Data Protection Officer. Moreover, the bank initially believed that no accounts were held in the name of the deceased and subsequently, the organizational unit of the bank misclassified the request. All of this led to the failure to promptly handle the request within the prescribed timeframes. The bank promptly took steps to address the situation
Violations (1)
Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.
Art. 6(1) GDPR
Related Enforcement Actions (0)
No other enforcement actions found for Banca popolari di Bari S.p.a. in IT
This is the only recorded action for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
Fine Date
7 March 2024
Authority
Garante per la protezione dei dati personali
Fine Amount
€10,000
GDPRhub ID
gdprhub-7860About this data
Cite as: Cookie Fines. Banca popolari di Bari S.p.a. - Italy (2024). Retrieved from cookiefines.eu
Last updated: