DATA PROTECTION
Court of Cassation: in the case of an erroneous wire transfer, the bank is liable if it does not check the correspondence between IBAN and payee and cannot invoke privacy to refuse to provide the payee's personal data.
A bank, in executing a wire transfer order of one of its customers, had failed to notice the mismatch between the IBAN indicated in the order and the name of the payee indicated. Asked by the client to provide the data of the recipient of the sums in error, the bank had refused, claiming that it could not accept to the client's request because of the data protection laws.
The First Civil Section of the Supreme Court, on the contrary, in Order No. 17415/2024, pronounced the following principle of law: ‘on the subject of a bank's liability for transactions effected by electronic means, when the beneficiary, named by name, of a payment to be effected by wire transfer is without a credit account with the intermediary bank, so that the specific rules under Article 24 of Legislative Decree No. 11 of 2010 cannot be used either, the rules of the law of the Italian Republic on the protection of personal data shall apply. 11 of 2010, the rules of ordinary law apply, so that the intermediary bank itself, liable, under the theory of ‘qualified social contact’, towards the beneficiary who has remained unsatisfied because of the indication, which has proved to be inaccurate, of its IBAN, bears the burden of proving that it has carried out the payment transaction requested by the solvency obligor, adopting all the necessary precautions in order to avoid the risk of an erroneous identification of that beneficiary, or, at the very least, of having endeavoured to enable the latter to identify the person who actually received the payment intended, on the contrary, for the former, also by communicating to him, where necessary, the relevant personal data’.
The First Civil Section of the Supreme Court, on the contrary, in Order No. 17415/2024, pronounced the following principle of law: ‘on the subject of a bank's liability for transactions effected by electronic means, when the beneficiary, named by name, of a payment to be effected by wire transfer is without a credit account with the intermediary bank, so that the specific rules under Article 24 of Legislative Decree No. 11 of 2010 cannot be used either, the rules of the law of the Italian Republic on the protection of personal data shall apply. 11 of 2010, the rules of ordinary law apply, so that the intermediary bank itself, liable, under the theory of ‘qualified social contact’, towards the beneficiary who has remained unsatisfied because of the indication, which has proved to be inaccurate, of its IBAN, bears the burden of proving that it has carried out the payment transaction requested by the solvency obligor, adopting all the necessary precautions in order to avoid the risk of an erroneous identification of that beneficiary, or, at the very least, of having endeavoured to enable the latter to identify the person who actually received the payment intended, on the contrary, for the former, also by communicating to him, where necessary, the relevant personal data’.
