ING Bank Śląski – €4,323,250 Fine (Poland, 2025)

€4,323,250Urząd Ochrony Danych Osobowych26 August 2025Poland
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

ING Bank Śląski was fined over 4.3 million euros for scanning the identity documents of all customers without a proper legal reason. This matters because it shows that companies must carefully assess their data collection practices to ensure they comply with privacy laws. Businesses should review their processes to avoid similar penalties.

What happened

ING Bank Śląski scanned the identity documents of every customer and potential customer without a sufficient legal basis.

Who was affected

Customers and potential customers of ING Bank Śląski whose identity documents were scanned.

What the authority found

The Polish DPA ruled that the bank lacked a valid legal basis for processing personal data, violating GDPR requirements.

Why this matters

This significant fine highlights the importance of having a clear legal basis for data processing. Companies must ensure they assess the necessity of data collection to avoid hefty fines.

GDPR Articles Cited

AI-verified

Art. 5(1)(a) GDPR
Art. 6(1) GDPR
View original scraped data
Art. 5(1)(a) GDPR
b)
c) GDPR
Art. 6(1) GDPR

Original data from scraper before AI verification against source document.

Source verified 5 March 2026
amount discrepancy
national law identified
Poland enforcementUrząd Ochrony Danych Osobowych actionsAll ING Bank Śląski actions
Full Legal Summary
Detailed

The Polish DPA has imposed a fine of EUR 4,323,250 on ING Bank Śląski. The controller scanned the identity documents of every customer and potential customer without a sufficient legal basis. The controller started to implement this procedure after an anti-money laundering law was introduced, but failed to assess the necessity of the data processing in each case.

Related Enforcement Actions (0)

No other enforcement actions found for ING Bank Śląski in PL

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

26 August 2025

Authority

Urząd Ochrony Danych Osobowych

Fine Amount

€4,323,250

Enforcement Tracker ID

ETid-2840

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. ING Bank Śląski - Poland (2025). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: