Berlin DPA Imposes 300 000 EUR Fine Against Bank After Lack of Transparency Over Automated Rejection of Credit Card Application

On May 31, 2023, the European Data Protection Board (“EDPB”) published a press release that the Berlin Data Protection Authority (“DPA”- “SA”) fined a bank for lack of transparency in the rejection of credit card applications.

A Berlin-based bank rejected a customer's credit card application using an automated algorithm without providing a specific reason for the rejection. The customer, who had a good credit rating and regular high income, complained to the Berlin DPA.

The bank only offered vague information about the scoring procedure and refused to explain the basis for assuming poor creditworthiness in the customer's case. The customer was unable to challenge the decision without understanding the data and criteria used for rejection.

The Berlin DPA determined that the bank violated several articles of the GDPR, including the obligation to inform customers about the main reasons for rejection. Considering the bank's high turnover, intentional design of the application process, admission of the violation, and implemented changes, the DPA reduced the fine.

You can access the press release from here.

Kind regards,

Zumbul Attorneys-at-Law

info@zumbul.av.tr