unknown (Complainant) – Complaint Upheld (Iceland, 2020)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
An Icelandic authority found that Creditinfo Lánstrausti did not properly inform a person about how their credit score was calculated. The person complained that the score was incorrect and that the company used unauthorized data. This case highlights the importance of transparency in credit scoring.
What happened
Creditinfo Lánstrausti failed to provide clear information on how a person's credit score was calculated.
Who was affected
A person who received a negative credit score from Creditinfo Lánstrausti.
What the authority found
The Icelandic authority found that Creditinfo Lánstrausti did not fulfill the person's request for information about their credit score calculation, violating GDPR's transparency requirements.
Why this matters
This decision underscores the need for companies to be transparent about how they calculate credit scores and the data they use. Businesses should ensure they provide clear information to individuals about their data processing practices.
GDPR Articles Cited
Entities Involved
Creditinfo Lánstrausti had assigned a negative credit score to the data subject. The data subject requested information on how Creditinfo Lánstrausti had calculated his credit score. According to Creditinfo Lánstrausti, the main factors influencing the credit score were previous defaults, especially those within the last 24 months, searches in the debtors' default register and a relationship to a company, which was also on the debtors' default register. Other factors were age, relationships with companies, number of searches in the debtors' default register and with Creditinfo Lánstrausti, information from the tax register, residence and marital status. The data subject considered this score incorrect as he had always paid his debts and most of his bills on time. He had only failed to fully pay back a loan with his bank - the balance had also been subject of a lawsuit filed by the data subject against his bank. In February 2019, the data subject lodged a complaint against Creditinfo Lánstrausti with the Persónuvernd claiming that Creditinfo Lánstrausti *has not provided him with information under Article 15 GDPR on how his credit score was calculated, *has used data from the tax register and data on searches in the debtor's default register regarding the data subject when calculating his credit score, which was not allowed, and *has disseminated an incorrect credit score about him. The complainant also requested to completely ban Creditinfo Lánstrausti from selling individuals' credit scorings until a public body has conducted a thorough assessment of the accuracy of the credit scoring system that satisfactorily demonstrates its reliability. *Did Creditinfo Lánstrausti process personal data that it was prohibited to process? *Did Creditinfo Lánstrausti comply with the data subject's access request under Article 15 GDPR? Firstly, the Persónuvernd held that it is not entitled or competent to review the mathematical calculation formula and the probability assessmen
Outcome
Complaint Upheld
A data subject complaint that was upheld by the DPA.
Related Enforcement Actions (0)
No other enforcement actions found for unknown (Complainant) in IS
This is the only recorded action for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. unknown (Complainant) - Iceland (2020). Retrieved from cookiefines.eu
Last updated: