N26 – €50,000 Fine (Germany, 2019)

€50,000Bundesbeauftragter für den Datenschutz1 March 2019Germany
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Germany fined N26 bank €50,000 for keeping former customers' data without permission. The bank used this data to prevent these customers from opening new accounts, which was deemed illegal. This case highlights the importance of having a valid reason for storing personal data.

What happened

N26 bank kept personal data of former customers to prevent them from opening new accounts without their consent.

Who was affected

Former customers of N26 bank whose data was retained without permission.

What the authority found

The authority found N26's practice of retaining former customers' data without valid reasons violated GDPR's requirement for a legal basis.

Why this matters

This case underscores the need for banks and businesses to have a clear legal basis for retaining customer data. It serves as a reminder to review data retention policies to ensure compliance with privacy laws.

GDPR Articles Cited

Art. 6 GDPR
Germany enforcementBundesbeauftragter für den Datenschutz actionsAll N26 actions
Full Legal Summary
Detailed

The fine was imposed against against a bank (according to a newspaper N26) that had processed 'personal data of all former customers' without permission.The Bank has acknowledged that it had retained data relating to former customers in order to maintain a blacklist, a kind of warning file, so that it would not make a new account available to these persons. The bank initially justified this by stating that it was obliged under the German Banking Act to take security measures against customers suspected of money laundering. The Berlin supervisory authority judged this to be illegal. The authority argues that in order to prevent a new bank account from being opened, only those affected may be included in a comparison file who are actually suspected of money laundering or for whom there are other valid reasons for refusing a new bank account. The authority told a newspaper that the fine proceedings initiated against the bank had 'not yet been legally concluded'.

Related Enforcement Actions (0)

No other enforcement actions found for N26 in DE

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

1 March 2019

Authority

Bundesbeauftragter für den Datenschutz

Fine Amount

€50,000

Enforcement Tracker ID

ETid-32

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. N26 - Germany (2019). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: