Italian regulators have imposed a hefty 17.6 million euro penalty on the country’s largest financial institution, Intesa Sanpaolo, following violations involving unauthorized use of customer information affecting approximately 2.4 million account holders.
The banking giant transferred customers to its digital banking platform Isybank without obtaining proper authorization, according to Italy’s data protection regulatory body announced Thursday.
Officials determined that the financial institution created customer profiles based on specific criteria including age (those younger than 65), how often clients used online banking services, and details about their investment portfolios and assets.
These profiling practices resulted in significant impacts on customers, including potential account transfers to different data management systems and one-sided modifications to their banking agreements.
Regulators criticized the bank’s customer communication strategy during the transition process, noting that notifications were frequently distributed during summer months and buried in the mobile application’s archive area without sending alerts to users.
When determining the penalty amount, officials considered both the substantial number of affected customers and the bank’s unintentional violations, while also factoring in the institution’s willingness to assist throughout the regulatory review.
Intesa Sanpaolo has not yet provided a response to the fine.
