Bank – €1,500,000 Fine (Croatia, 2025)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A bank was fined €1,500,000 because its mobile banking app collected more data from users than necessary and did so without a valid legal basis. The app collected data on every app installed on users' devices, which infringes the principle of data minimisation. This case shows that businesses must limit data collection to what is necessary.
What happened
The bank's mobile banking app collected data on all apps installed on users' devices without a valid legal basis.
Who was affected
Customers using the bank's mobile app who had their data improperly collected.
What the authority found
The Croatian DPA ruled that the bank violated GDPR by not following the principle of data minimization and lacking a valid legal basis for data collection.
Why this matters
This ruling reinforces the importance of collecting only the data that is necessary for business operations. Companies should review their data collection practices to ensure compliance.
GDPR Articles Cited
Original data from scraper before AI verification against source document.
The Croatian DPA has imposed a fine of EUR 1,500,000 on a bank. The controller offers its customers mobile banking via an app developed by the controller. On Android and Huawei devices, the app collected data on every app installed on the device. This happened without sufficient legal basis and infringed the principle of data minimisation.
Details
Fine Date: 18 December 2025
Authority: Agencija za zaštitu osobnih podataka
Fine Amount: €1,500,000
Enforcement Tracker ID: ETid-3102
About this data
Cite as: Cookie Fines. Bank - Croatia (2025). Retrieved from cookiefines.eu