The right of access to one’s personal data cannot be restricted if it is information in the public domain, the disclosure of which does not jeopardise anti-money laundering activities.

The principle was affirmed by the Authority. The Authority, at the end of the preliminary investigation activity concerning two complaints [web doc. no. 9888438 and web doc. no. 9888457] lodged against credit institutions by a customer, who could not obtain a full response to the requests for access to his personal data, declared the unlawfulness of the processing and admonished the credit institutions.

To the requests made by the person concerned, in fact, both banks had limited themselves to providing personal and banking data, omitting further information.

Following the Authority’s investigation, it emerged that the banks had decided, in accordance with the anti-money laundering legislation, not to provide all the information they possessed and of which they had become aware through press articles. The reports concerned an investigation against the customer that had ended with a ruling by the Court of Cassation.

The Authority considered that there were no grounds for applying the measure of restriction of the right of access, since the interested party’s knowledge of the above-mentioned information would not have violated the interests protected by the anti-money laundering legislation.
The press reports, in fact, were freely accessible to anyone online, as was the judgment of the Court of Cassation.

The Authority therefore reprimanded both banks for failing to provide timely and complete responses to the customer’s request for access to his personal data.

https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/9890504