Deutsche Kreditbank – €300,000 Fine (Germany, 2023)

€300,000Bundesbeauftragter für den Datenschutz31 May 2023Germany
appealed
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Deutsche Kreditbank was fined EUR 300,000 for not explaining why they rejected a customer's credit card application. The bank used automated decision-making but didn't provide the customer with the reasons behind the decision, which is against GDPR rules. This case shows the importance of transparency in automated decisions.

What happened

Deutsche Kreditbank refused to explain the reasons behind an automated credit card application rejection.

Who was affected

A customer whose credit card application was automatically rejected without explanation.

What the authority found

The Berlin DPA found that the bank violated GDPR by not providing the customer with information about the automated decision-making process.

Why this matters

This case highlights the need for companies to be transparent about automated decisions affecting customers. Businesses using automated systems must ensure they can explain decisions to comply with GDPR and maintain customer trust.

GDPR Articles Cited

AI-verified

Art. 5(1)(a) GDPR
Art. 15(1)(h) GDPR
Art. 22(3) GDPR
View original scraped data
Art. 5(1)(a) GDPR
Art. 15(1)(h) GDPR
Art. 22(3) GDPR

Original data from scraper before AI verification against source document.

Source verified 6 March 2026
authority corrected
Germany enforcementBundesbeauftragter für den Datenschutz actionsAll Deutsche Kreditbank actions
Full Legal Summary
Detailed

The DPA of Berlin has imposed a fine of EUR 300,000 on Deutsche Kreditbank. A customer had filed a complaint with the DPA. The customer had submitted an application for a credit card to the bank, which was rejected in the course of an automated decision, despite the customer's good credit history and high income. The customer then requested an explanation of the reasons for the rejection of their application and the basis on which the automated decision was made. However, the controller refused to provide such information to him, which also made it difficult for the customer to appeal the decision. The DPA found that the controller violated its obligation to transparently inform the data subject about the decision upon request.

Related Enforcement Actions (0)

No other enforcement actions found for Deutsche Kreditbank in DE

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

31 May 2023

Authority

Bundesbeauftragter für den Datenschutz

Fine Amount

€300,000

Enforcement Tracker ID

ETid-1856

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Deutsche Kreditbank - Germany (2023). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: