IBERCAJA BANCO, S.A. – €42,000 Fine (Spain, 2025)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
IBERCAJA BANCO, S.A. was fined for sharing more personal data than necessary during a bank transfer. This is important because it shows that banks must handle customer information carefully. Customers should know their data is protected and not shared unnecessarily.
What happened
The bank transmitted excessive personal data to the recipient during a payment transaction.
Who was affected
Customers whose personal data was shared during bank transactions.
What the authority found
The Spanish data protection authority determined that the bank violated GDPR rules by not limiting the data shared to what was necessary.
Why this matters
This ruling serves as a reminder for financial institutions to be cautious with customer data. Businesses should ensure they only share necessary information to comply with privacy laws.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The Spanish DPA imposed a fine of EUR 42,000 on IBERCAJA BANCO, S.A. During a bank transfer, the controller transmitted more data then necessary to the recipient of the payment. The original fine of EUR 70,000 was reduced to EUR 42,000 due to immediate payment and admission of responsibility by the controller.
Related Enforcement Actions (1)
Other enforcement actions involving IBERCAJA BANCO, S.A. in ES
Details
Fine Date
20 June 2025
Authority
Agencia Española de Protección de Datos
Fine Amount
€42,000
Enforcement Tracker ID
ETid-2746
About this data
Cite as: Cookie Fines. IBERCAJA BANCO, S.A. - Spain (2025). Retrieved from cookiefines.eu
Last updated: