MILAN, March 12 (Reuters) – Italy’s data protection authority said on Thursday it had fined Italy’s biggest bank Intesa Sanpaolo 17.6 million euros for illicit processing of data of around 2.4 million customers the bank unilaterally moved to its digital unit Isybank.
Intesa had no immediate comment.
The watchdog said the bank profiled clients according to factors such as being under 65 years old, the frequency of their digital-channel use, and their investment products and financial holdings.
This profiling led to consequences for the customers which included the possible transfer of their accounts to a different data controller and unilateral changes to contractual terms.
The authority found that communication with customers about the migration was inadequate, with information often sent during the summer and placed in the app’s archive section without push alerts.
In setting the fine, the agency said it took into account the large number of customers affected, while also considering the bank’s non-intentional conduct and its cooperation during the investigation.
(Reporting by Elvira Pollina, editing by Gavin Jones)
