Intesa Sanpaolo Fined €17.6M for Privacy Violations & Customer Profiling

by Marcus Liu - Business Editor

Intesa Sanpaolo Fined €17.6 Million by Italian Privacy Watchdog

Italy’s data protection authority has issued a €17.628 million fine to Intesa Sanpaolo, the country’s largest bank, for improperly handling the data of approximately 2.4 million customers. The penalty stems from the bank’s unilateral transfer of these customers to its digital banking unit, Isybank Spa.

Details of the Violation

The Italian Data Protection Authority found that Intesa Sanpaolo unlawfully processed customer data during the transfer to Isybank, a fully digital bank. The investigation, initiated following numerous complaints from account holders, revealed “serious violations” in the process, according to Ansa.it.

Customer Profiling and Transfer Criteria

To identify customers for transfer to Isybank, Intesa Sanpaolo engaged in customer profiling without a proper legal basis. The criteria used for selection included:

  • Age not exceeding 65 years
  • Habitual use of digital channels in the past year
  • Absence of investment products
  • Financial holdings below a certain threshold

This profiling significantly impacted customers, leading to the transfer of their accounts to a different data controller and unilateral changes to their contractual terms and operating procedures. These changes included the assignment of new IBANs and the loss of access to physical branches, with access limited to a mobile app, as reported by the Garante privacy.

Insufficient Communication to Customers

The Authority also criticized Intesa Sanpaolo for inadequate communication with customers regarding the transfer. Notifications were primarily sent within the archive section of the Intesa Sanpaolo app during the summer months and lacked the prominence needed to highlight the significance of the change, as detailed by Adnkronos.

Authority’s Considerations in Determining the Fine

In determining the amount of the fine, the Authority considered the severity of the violations, the large number of customers affected, the negligent nature of the transgressions, and the bank’s cooperation during the investigation.

Rome, March 12, 2026
