Ubi Banca spa – €100,000 Fine (Italy, 2021)

€100,000Garante per la protezione dei dati personali16 December 2021Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Italy's data protection authority fined Ubi Banca spa EUR 100,000 for revealing sensitive financial information on an envelope. This matters because it shows how even small details can breach privacy rules. Businesses should ensure all customer communications are discreet and protect personal data.

What happened

Ubi Banca spa was fined for printing 'anomalous credit Chieti' on an envelope, potentially revealing financial information.

Who was affected

The recipient of the letter, whose financial situation could be inferred by others from the envelope's wording.

What the authority found

The Italian authority found that Ubi Banca spa violated GDPR principles of lawfulness, transparency, and data minimization.

Why this matters

This case highlights the importance of protecting customer privacy in all communications, even seemingly minor details like envelope text. Companies should review their practices to avoid unintentional data exposure.

GDPR Articles Cited

Art. 5(1)(a) GDPR
Italy enforcementGarante per la protezione dei dati personali actionsAll Ubi Banca spa actions
Full Legal Summary
Detailed

The Italian DPA has imposed a fine of EUR 100,000 on Ubi Banca spa (now Intesa Sanpaolo spa). A data subject had filed a complaint with the DPA for receiving a letter from the controller, with the envelope stating 'anomalous credit Chieti'. However, the letter did not contain payment reminders but only information about the transparency of banking and financial services. For this reason, the DPA found that the controller had violated the principles of lawfulness and transparency as well as the principle of data minimization. After all, the term on the envelope could enable third parties to obtain information about the recipient's financial situation, regardless of the contents in the envelope.

Related Enforcement Actions (0)

No other enforcement actions found for Ubi Banca spa in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

16 December 2021

Authority

Garante per la protezione dei dati personali

Fine Amount

€100,000

Enforcement Tracker ID

ETid-1063

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Ubi Banca spa - Italy (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: