Bank – €1,500,000 Fine (Croatia, 2025)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Croatian bank was fined for collecting data on users' installed apps without proper legal justification through its mobile banking app. This matters because it shows that companies must limit data collection to what is necessary. Businesses should review their data practices to ensure they comply with privacy laws.
What happened
The bank's mobile banking app collected data on every app installed on users' devices without sufficient legal basis.
Who was affected
Customers using the bank's mobile app were affected by this data collection.
What the authority found
The Croatian Data Protection Authority found that the bank violated GDPR principles by not minimizing data collection.
Why this matters
This case underscores the need for companies to collect only the data they truly need. Businesses should assess their data collection practices to avoid similar violations.
GDPR Articles Cited
Original data from scraper before AI verification against source document.
The Croatian DPA has imposed a fine of EUR 1,500,000 on a bank. The controller offers its customers mobile banking via an app developed by the controller. On Android and Huawei devices, the app collected data on every app installed on the device. This happened without sufficient legal basis and infringed the principle of data minimisation.
Details
Fine Date: 18 December 2025
Authority: Agencija za zaštitu osobnih podataka
Fine Amount: €1,500,000
Enforcement Tracker ID: ETid-3102
About this data
Cite as: Cookie Fines. Bank - Croatia (2025). Retrieved from cookiefines.eu