Deutsche Bank Italia โ€“ Court Ruling (Italy, 2019)

Court Ruling
DPA CourtofAppealofGenoa26 June 2019Italy
final
Court Ruling

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

An Italian court found that Deutsche Bank asked for unnecessary sensitive data from a customer for a bank account contract. The court said this violated the GDPR principle of data minimization. This ruling reminds businesses to only collect data they truly need.

What happened

Deutsche Bank required unnecessary sensitive data from a customer to open a bank account.

Who was affected

The customer who was asked to provide sensitive data for a bank account contract.

What the authority found

The court declared the contract clause invalid because it violated the GDPR's data minimization principle.

Why this matters

This case serves as a warning to businesses to review their data collection practices and ensure they only collect data necessary for their services. It reinforces the GDPR's emphasis on data minimization.

GDPR Articles Cited

Art. 5(1)(c) GDPR

National Law Articles

Article 1418 Italian Civil Code
Decision AuthorityCass.Civ.
Reviewed AuthorityCourt of Appeal of Genoa (Italy)
Italy enforcementDPA CourtofAppealofGenoa actionsAll Deutsche Bank Italia actions
Full Legal Summary
Detailed

Deutsche Bank S.p.A. asked a customer to provide his sensitive data in order to sign a contract for a bank account. The customer initially accepted the clause included in the contract, but then he withdrew his consent. As a result, the bank interrupted the service. The Court had to assess whether this sensitive data was necessary for the Bank in order to conclude a contract for a bank account. The Court found that the processing of the customer's sensitive data was not necessary for the execution of the relevant contract. Such a clause violates the principle of data minimization as provided for in Article 5(1)(c) GDPR. Consequently, according to Article 1418 of the Italian Civil Code, the contractual clause was declared invalid as contrary to mandatory rules.

Outcome

Court Ruling

A ruling by a national court on a data-protection matter.

Related Cases (0)

No other cases found for Deutsche Bank Italia in IT

This is the only recorded case for this entity in this jurisdiction.

Details

Ruling Date

26 June 2019

Authority

DPA CourtofAppealofGenoa

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Deutsche Bank Italia - Italy (2019). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: