MILAN, March 12 (Reuters) - Italy's data protection authority said on Thursday it had fined Italy's biggest bank Intesa Sanpaolo 17.6 million euros for illicit processing of data of around 2.4 million
Intesa Sanpaolo Fined €18M for Illegally Processing Customer Data in Italy
Details of the Data Protection Authority's Fine Against Intesa Sanpaolo
Background of the Fine
MILAN, March 12 (Reuters) - Italy's data protection authority said on Thursday it had fined Italy's biggest bank Intesa Sanpaolo 17.6 million euros for illicit processing of data of around 2.4 million customers the bank unilaterally moved to its digital unit Isybank.
Intesa had no immediate comment.
Profiling and Data Processing Practices
Criteria Used for Profiling
The watchdog said the bank profiled clients according to factors such as being under 65 years old, the frequency of their digital-channel use, and their investment products and financial holdings.
Consequences for Customers
This profiling led to consequences for the customers which included the possible transfer of their accounts to a different data controller and unilateral changes to contractual terms.
Communication Issues with Customers
Inadequate Notification Methods
The authority found that communication with customers about the migration was inadequate, with information often sent during the summer and placed in the app's archive section without push alerts.
Factors Influencing the Fine
Scope and Cooperation
Number of Customers Affected
In setting the fine, the agency said it took into account the large number of customers affected, while also considering the bank's non-intentional conduct and its cooperation during the investigation.
(Reporting by Elvira Pollina, editing by Gavin Jones)
