Banco Bilbao Vizcaya Argentaria SA – €100,000 Fine (Italy, 2025)

€100,000Garante per la protezione dei dati personali10 July 2025Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Banco Bilbao Vizcaya Argentaria SA failed to provide a customer with requested phone call recordings after a fraud incident involving a bank transfer. This oversight is significant because it shows the importance of transparency and responsiveness in handling customer data requests. Banks must be diligent in protecting customer rights and providing access to personal data.

What happened

The bank did not provide a customer with recordings of phone calls related to a fraud incident.

Who was affected

A customer who experienced fraud involving a bank transfer was affected.

What the authority found

The Italian data protection authority determined that the bank did not adequately respond to the customer's request for their data, violating privacy rules.

Why this matters

This ruling emphasizes that companies must be responsive to customer requests for their personal data. Businesses should ensure they have processes in place to handle such requests promptly.

GDPR Articles Cited

AI-verified

Art. 15(GDPR)
Art. 12(3) GDPR
View original scraped data
Art. 12(3) GDPR
(4) GDPR
Art. 15(GDPR)

Original data from scraper before AI verification against source document.

Source verified 5 May 2026
articles corrected
national law identified
Italy enforcementGarante per la protezione dei dati personali actionsAll Banco Bilbao Vizcaya Argentaria SA actions
Full Legal Summary
Detailed

The Italian DPA has imposed a fine of EUR 100,000 on Banco Bilbao Vizcaya Argentaria SA. A customer of the data controller contacted the customer service of the controller, due to the fact that the data subject had been subjected to a fraud concerning a bank transfer in the amount of EUR 9,999. The data subject requested the recordings of phone calls in a defined time period but the controller failed to directly provide those recordings.

Related Enforcement Actions (0)

No other enforcement actions found for Banco Bilbao Vizcaya Argentaria SA in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

10 July 2025

Authority

Garante per la protezione dei dati personali

Fine Amount

€100,000

Enforcement Tracker ID

ETid-1277

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Banco Bilbao Vizcaya Argentaria SA - Italy (2025). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: