Rabobank โ Court Ruling (Netherlands, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Dutch court ruled that Rabobank was right to keep a customer's data in money laundering registers. The court found the customer was involved in suspicious transactions, justifying the data retention. This decision highlights the balance between privacy rights and financial security measures.
What happened
Rabobank kept a customer's data in money laundering registers due to suspicious transactions.
Who was affected
The customer whose bank account was linked to suspicious financial transactions.
What the authority found
The court confirmed Rabobank's decision to retain the data, as the customer was sufficiently linked to money laundering activities.
Why this matters
This case underscores the importance of financial institutions maintaining records for security, even when individuals contest such actions. It emphasizes the need for businesses to balance privacy with legal obligations.
GDPR Articles Cited
The claimant primarily requested that the defendant, Rabobank, remove her data from the registers related to money laundering and secondly, if the court decided not to remove the data, to shorten the retention period of the entries in these registers, which by law is 8 years. The claimant's data had been inserted in various registers as a result of suspicious transactions on her Rabobank bank account. There were suspicions that the funds originated from criminal activity. The claimant contests Rabobank's position. The Court was of the opinion that it had been sufficiently established that the claimant was guilty of money laundering, given her contribution to the financial transactions, which took place through her bank account, between two other persons. The Court first examined the national legislation, specifically Art. 5.2.1 of the Protocol on Incident Warning System for Financial Institutions, in order to then verify whether the GDPR legislation has been respected. The national legislation is used to determine when an inclusion in such registers is necessary. Three conditions are relevant: (a) the conduct(s) of the person to be listed pose a threat to (I) the (financial) interests of clients and/or the financial institution itself or (II) the continuity and/or integrity of the financial sector; (b) it has been sufficiently established that the relevant (legal) person is involved in the conduct(s) referred to under (a). This means that criminal offences are in principle reported; (c) the principle of proportionality has been observed in the sense that it is established that the interest of inclusion prevails over the possible adverse effects of inclusion in the register. To conclude, there must be a more serious suspicion of a criminal offence than a reasonable suspicion of guilt. The Court confirmed the correct recording of the data in the registers on the basis of the above-mentioned assessment framework. The principle of proportionality under the GDPR
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Rabobank in NL
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Rabobank - Netherlands (2021). Retrieved from cookiefines.eu
Last updated: