IBERCAJA BANCO, S.A. – €180,000 Fine (Spain, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
IBERCAJA BANCO, S.A. was fined for accessing a customer's credit file after their contract ended. The bank did not have a valid reason to access this information without an ongoing relationship. This case highlights the importance of having a legal basis for accessing customer data.
What happened
IBERCAJA BANCO accessed a customer's credit file unlawfully after the contract was terminated.
Who was affected
The customer whose credit file was accessed after their relationship with the bank ended.
What the authority found
The Spanish DPA ruled that the bank lacked a valid legal basis for accessing the customer's data, violating GDPR requirements.
Why this matters
This ruling emphasizes that companies must have a legitimate reason to access personal data, even after a contract ends. Businesses should ensure they understand the legal grounds for data access to avoid penalties.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The Spanish DPA has fined IBERCAJA BANCO, S.A. for unlawfully accessing a customer’s credit file after the termination of their contractual relationship. The DPA concluded that without an existing contractual relationship, the bank had no valid legal basis for the access. The original fine of EUR 300,000 was reduced to EUR 180,000 due to immediate payment and admission of responsibility.
Related Enforcement Actions (1)
Other enforcement actions involving IBERCAJA BANCO, S.A. in ES
Details
Fine Date
22 October 2024
Authority
Agencia Española de Protección de Datos
Fine Amount
€180,000
Enforcement Tracker ID
ETid-2473
About this data
Cite as: Cookie Fines. IBERCAJA BANCO, S.A. - Spain (2024). Retrieved from cookiefines.eu
Last updated: