Nordea Bank – Dismissed (Sweden, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Nordea Bank's Swedish branch faced a complaint for not providing a customer with a complete recording of a phone conversation. The bank allowed the customer to listen to the recording on-site but did not provide a copy that included the employee's voice. This case illustrates the importance of transparency and fulfilling customer requests for personal data.
What happened
A customer requested a complete recording of a phone conversation with Nordea Bank but received an edited version.
Who was affected
The customer who requested access to their recorded conversation with Nordea Bank was affected.
What the authority found
The authority ruled that the customer is entitled to a complete copy of their personal data, but the employee's voice does not count as personal data concerning the customer.
Why this matters
This case underscores the need for companies to understand their obligations regarding customer data access. Businesses should ensure they provide complete and accurate information when responding to data requests.
Original data from scraper before AI verification against source document.
The data subject requested access from the controller, the Swedish branch of the Nordea Bank. The data subject requested a recording of a conversation between one of the controller’s employees and the data subject himself. The data subject only received a copy of the conversation without the voice of the controller’s employee. The data subject filed a complaint at the Swedish DPA (Integritetsskyddsmyndigheten, IMY) for a violation of the right of access under Article 15 GDPR as the data subject did not receive a copy of the conversation that included the voice of the controller’s employee.
The controller argued that it had complied with the request by allowing the data subject to listen to the recording on site at the controller’s branch. The data subject had also been offered a transcript of the phone conversation and a copy of the audio file with the recording in which the controller’s employee’s voice had been edited out.
According to the DPA, the right of access under Article 15 GDPR implies that the controller is obliged to provide a data subject with the requested copy of the processed personal data. However, the DPA notes that this right to a copy must not adversely affect the rights and freedoms of others. The DPA explains that the purpose of the right of access is to ensure that the data subject is aware that the processing is taking place and can verify its lawfulness. The right to obtain a copy of personal data includes a right for the data subject to obtain an accurate and intelligible reproduction of all personal data that the controller processes about them.
The DPA held that the data subject’s voice in the telephone conversation is personal data of the data subject and thus the data subject is entitled to receive a copy of this telephone conversation. However, the DPA also held that the voice of the controller's employee does not constitute personal data concerning the data subject. Therefore, a transcript of the telephone conversation is sufficie
Outcome
Dismissed
The complaint or investigation was dismissed.
Cite as: Cookie Fines. Nordea Bank - Sweden (2023). Retrieved from cookiefines.eu