Luminor Pank AS – Dismissed (Estonia, 2019)

Dismissed
Andmekaitse Inspektsioon1 November 2019Estonia
final
Dismissed

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Luminor Pank AS was accused of not providing complete data in response to an access request. The Estonian data protection authority found that the bank was not required to provide data the person already had. This case emphasizes the importance of understanding what data companies must provide under GDPR.

What happened

Luminor Pank AS was accused of providing incomplete data in response to an access request.

Who was affected

The individual who requested access to their personal data from the bank.

What the authority found

The Estonian authority concluded that the bank fulfilled its obligations since the missing data was already known to the requester.

Why this matters

This decision clarifies that companies are not obliged to provide data already possessed by the requester, highlighting the limits of data access rights under GDPR.

GDPR Articles Cited

Art. 15 GDPR
Art. 12(1) GDPR
Art. 13(4) GDPR
Art. 14(5)(a) GDPR
Estonia enforcementAndmekaitse Inspektsioon actionsAll Luminor Pank AS actions
Full Legal Summary
Detailed

The appellant complained that the company, in response to his access request, provided an incomplete dataset in English. Could Article 15 GDPR be exercised although the personal are expected to be already possessed by the data subject? The DPA found that much of the data that the complainant found as missing is data that the complainant is expected to possess. So, it concluded that the company is not obliged to provide data that the data subject already possesses under Articles 13(4) and 14(5)(a) GDPR. Thus, the DPA found that the company has adequately fulfilled the obligation to inform the data subject of the data processing as required by Articles 13-15 GDPR. Finally, the DPA pointed out that the complainant had indicated in its customer profile a language preference to use English, which justifies the data export in English (Article 12(1) GDPR).

Outcome

Dismissed

The complaint or investigation was dismissed.

Related Enforcement Actions (0)

No other enforcement actions found for Luminor Pank AS in EE

This is the only recorded action for this entity in this jurisdiction.

Details

Decision Date

1 November 2019

Authority

Andmekaitse Inspektsioon

GDPRhub ID

gdprhub-1509

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Luminor Pank AS - Estonia (2019). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: