Landsbankinn – Dismissed (Iceland, 2021)

On January 8, 2020, the DPA received a complaint regarding the claim of Landsbankinn for information on the year-end balance of the complainant's account with Kvika banki in connection with the complainant's request for certain transactions with Landsbankinn. The complainant had transferred approximately ISK 4 million from Kvika banki hf. to Landsbankinn in December 2019. In January 2020, the complainant requested Landsbankinn to withdraw ISK 3 million in cash. With reference to the Money Laundering Act, Landsbankinn demanded information on the origin of his funds and requested information on the complainant's account with Kvika banki from the last three years. The complainant considers that it would have been preferable, in order to ensure proportionality in processing, for him to be able to hand over to Landsbankinn, for example, confirmation of the legitimate origin of the capital from Kvika banki. The DPA concluded that Landsbankinn's processing of personal information about the complainant was permitted on the basis of point 3. Paragraph 1 Article 9 Act no. 90/2018, to the effect that the processing was necessary to fulfill the legal obligation that rests with the responsible party. In view of the above, the conclusion of the Data Protection Authority is that Landsbankinn's processing of the complainant's personal information was in accordance with Act no. 90/2018, on personal protection and processing of personal information.