2025-08-25 18:32
publication
2025-08-25 18:32
ING Bank Śląski intends to challenge the decision on a penalty of PLN 18.4 million, imposed by the President of UODO for scanning the identity documents of customers – said spokesman Piotr Utrata. As a reason for collecting scans, the bank indicates the provisions on counteracting money laundering.
On Monday, Dziennik Gazeta Prawna announced that the President of the Office for Personal Data Protection (UODO) imposed on ING Bank Śląski a penalty for violating the regulation on the protection of personal data (GDPR) by copying customer identity documents. As the daily explained, in 2018 the Act on counteracting money laundering and financing of terrorism entered into force; On its basis, the bank began to scan clients, including potential ID. UODO decided that the bank's actions were excessive and violated the regulations of the GDPR, “DGP” informed.
The spokesman for ING Bank Śląski told PAP that the decision of the President of UODO “refers to the practice of scanning ID card in the period from April 2019 to September 2020”. “The bank intends to challenge the decision using the right to lodge a complaint to the Provincial Administrative Court in Warsaw. We emphasize that the bank fully cooperated with Puodo (President of UODO – PAP) at every stage of the procedure,” emphasized the loss.
He added that the bank received scans of documents in situations in which it was “necessary to fulfill the obligations arising from the Act.” “The scans were obtained only for this purpose. We emphasize that ING Bank Śląski observes the applicable law and compliance rules (activities guaranteeing legal compliance – PAP)” – assured the spokesman.
The decision of the President of UODO cited by the “DGP” shows that the signing of the loan agreement was to be dependent on the consent of the client to scan. “It was simply assumed that in each of the cases indicated in the above -mentioned procedures and instructions, a scan of the customer's identity document or a potential customer should be performed – in many situations dependent on the performance of activities for the customer scanning of identity documents in cases of noteworthy duties specified in the provisions of AML, “it was emphasized in the UODO decision cited by the daily.
According to the newspaper, the president of the office was also to conclude that the Act does not entitle to automatically scan documents of all persons who make contact with the bank. “Only identifying this risk gives a basis for the use of properly selected financial security measures,” we read in “DGP”. The President of UODO was also to emphasize that copying documents is a right, not the bank's obligation, so the decision should be preceded by an analysis whether it is necessary.
After the inspection, the bank was to change its procedures and ensure that it will copy documents only for the purpose of using and documenting financial security measures – primarily when concluding contracts with new clients or changing their data. “Later departure from the practice of obtaining copies (scans) of customer identity documents in the part of the situation confirms that there was never such necessity in these cases, that earlier rules of operation in this regard were – in the opinion of even the bank itself – incompatible with the provisions of the AML Act” – the President of UODO said in the decision to impose a penalty. (PAP)
JLS/ MMU/
