Swedish Regulators Fine Bank €1.3 Million for Improper Data Sharing with Meta

Swedish regulators have levied a fine against a major domestic bank for unlawfully transferring customer data to Meta's advertising platforms. The Swedish Supervisory Authority (SA) announced a €1.3 million  administrative penalty against Avanza Bank AB after an investigation found the bank had been funneling personal information about up to 1 million customers to Meta, the parent company of Facebook, over an 18-month period.

The SA determined that Avanza had failed to properly configure its use of the Meta Pixel - a tracking tool that allows websites to share data with Meta's ad targeting systems. This led to the improper transfer of sensitive customer data, including information on securities holdings, loan amounts, account numbers, and social security numbers.

"Ensuring the security and proper handling of personal data is a critical obligation for any company, especially in the financial sector where people's most sensitive information is involved," said the SA in its ruling. "Avanza's negligence in this case is unacceptable and demands a significant penalty."

The bank acknowledged the violation and said it has taken steps to overhaul its data processing practices, including deactivating the faulty Meta Pixel integration. Meta also claimed it has deleted any customer information inadvertently collected.

But regulators made clear that lax data protection controls will not be tolerated, especially when they enable the unauthorized transfer of personal information to third-party advertising platforms.

"This penalty sends a clear message that financial firms must take robust measures to safeguard customer data," said the SA's head of enforcement. "Improper data sharing with Big Tech will face severe consequences."

The record fine against Avanza is part of a broader crackdown by Swedish authorities on data privacy violations. Experts say it underscores the growing scrutiny companies can expect as regulators seek to strengthen consumer protections in the digital age.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.