Budapest Bank Zrt. – €625,000 Fine (Hungary, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Budapest Bank was fined EUR 625,000 for using AI to analyze customer service calls without properly informing customers. The bank failed to tell customers about the AI analysis, which violated their rights to be informed and to object. This fine highlights the importance of transparency in data processing activities.
What happened
Budapest Bank used AI to analyze customer service calls without adequately informing customers.
Who was affected
Customers who called Budapest Bank's customer service and had their calls analyzed by AI.
What the authority found
The Hungarian DPA fined Budapest Bank for not informing customers about the AI analysis of their calls, violating their rights to be informed and to object.
Why this matters
This case emphasizes that companies must be transparent about how they process customer data, especially when using advanced technologies like AI. Businesses should ensure they provide clear information to customers about data processing activities.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
In September 2021, the Hungarian DPA initiated an ex officio investigation against Budapest Bank Zrt. (hereinafter the Bank) related to the use of Artificial Intelligence (AI) software applied to the audio recordings of customer service telephone conversations between May 2018 and the start of the investigation. According to the Bank, the software used speech signal processing based on AI to identify periods of silence, different voices talking at the same time, key words, and emotional elements (such as voice speed, volume and pitch) within the recorded sound files in order to identify customer dissatisfaction. Once the software had made an automated decision to identify calls according to these criteria, a Bank employee then listened to the recordings, and made call-backs to customers in order to handle and attempt to resolve any customer dissatisfaction issues. The Bank stated that its legal basis for this processing was based on legitimate interest, and its purpose was to conduct call quality control, to prevent complaints and customer churn, as well as to increase efficiency. The Bank stated that customers were informed at the beginning of the calls that they were being recorded, but admitted that they did not inform them that the AI software would be used to analyse the calls, since detailed information in this regard would make the introduction to the calls too long, outlasting many of the simple queries made by customers when calling the Bank. The Bank also claimed that the system did not store any identifiable personal data, or perform automated decision-making in order to create personal profiles. Additionally, in a Data Protection Impact Assessment carried out by the Bank, the Data Protection Officer stated that: “The purpose of the processing is lawful on the basis of the rights of the data subjects and the business interests of the Bank, there is no direct or indirect legal prohibition. The processing is high-risk for several reasons, in particular th
Related Enforcement Actions (1)
Other enforcement actions involving Budapest Bank Zrt. in HU
Details
Fine Date
8 February 2022
Authority
Nemzeti Adatvédelmi és Információszabadság Hatóság
Fine Amount
€625,000
250,000,000 HUF
GDPRhub ID
gdprhub-4921About this data
Cite as: Cookie Fines. Budapest Bank Zrt. - Hungary (2022). Retrieved from cookiefines.eu
Last updated: