Confidentiality Obligations of Credit Institutions: Claims of the Customer in Case of Violation

1. Is there an obligation of secrecy on the part of the banks?

The banks are obliged to secrecy due to the banking secrecy. They must keep customer-related facts and evaluations secret that have become known to them in the course of their business relationship with the customer.

Obligation for banks to keep customer data secret

2 Where is banking secrecy regulated by law?

a) Customary Law

Unlike Switzerland and other countries, banking secrecy is not regulated by law in Germany. It is presumed to exist by the courts and is recognized as a customary law (since 1619).

b) Constitutional Rights

The protection of the bank client follows from the general right of personality or the right to informational self-determination in accordance with §2 I of the Basic Law. Exceptions to banking secrecy are regulated by special laws.

c) Data Protection Law

The data protection law also results in a legal obligation to secrecy for the credit institutions. This means that the disclosure of customer-related data must be compliant with banking secrecy and data protection laws.

d) Civil Code

Finally, a general duty to protect the interests, protection and loyalty of the customer arises from Civil Code, §241 II BGB.

3. Scope and Duration of Banking Secrecy

Banking secrecy covers not only financial matters, but also private circumstances of the client, such as divorce, preliminary (criminal) proceedings, etc. The duty of secrecy already begins at the stage of contract initiation and does not automatically end with the termination of the contract.

4. Are there exceptions to the banking secrecy?

Credit institutions must notify the Federal Central Tax Office of the amount of the registered allowances for investment income. Tax authorities can make requests for information to the credit institutions according to §30a AO.

After the death of a customer, banks must report the respective credit balances and safe deposit boxes to the inheritance tax office. In criminal investigation proceedings / criminal proceedings bank employees are obliged to testify before the public prosecutor's office. The public prosecutor may also confiscate business documents (§§94 II, 98 StPO) if they are required as evidence. Searches in the bank and confiscation of the customer's business documents may only be carried out with a court order, unless there is imminent danger.

5 Which information is unproblematic?

In the course of normal business transactions, there are no concerns if bank information is provided such as: "We inform you that we maintain a business relationship". This is usually covered by the General Terms and Conditions of Banks (No. 2 STC Banks). However, no other information may be given, especially no detailed information.

6. Does the transparent bank customer exist?

Since January 2005, the law for the promotion of tax honesty has been in force. All tax offices and all other authorities that deal with the income of the citizen can request bank data of all account holders nationwide. This is intended to reconstruct money flows and prevent money laundering by organized crime. However, it is not allowed to access data on account balances, but only on customer account master data and on other authorized persons such as name, maiden name and account numbers.

7. Data Disasters Endanger Companies

Banking secrecy is often violated without a corresponding exception justifying the intervention. Some banks give information prematurely - even during simple telephone inquiries. Many affected bank customers do not even notice the disclosure of customer-related data. Therefore, some do not understand when account connections are canceled without being given reasons. The unauthorized disclosure of data represents a data disaster and can in individual cases lead to the endangerment of companies, considerable damage or even insolvency.

8. Do bank employees or the bank's board of directors make themselves liable to prosecution for breaches of banking secrecy?

§203 II StGB regulates the criminal law protection of secrets that have been entrusted to public officials (§11 No. 2c StGB) and "persons who are especially obliged for public service" (§11 No. 4a StGB). This includes employees of savings banks and state banks. Unauthorized disclosure of data is therefore punishable by law for employees of public savings banks (Sparkassen) and state banks (Landesbanken).

Employees of private banks may be liable to prosecution for breaches of banking secrecy under the aspect of embezzlement, as well as §17 UWG, 55a, 55b KWG – via unfair competition and corporate law.

9. Claims of the Affected Customer

a) Correction/ Deletion

The customer is entitled to a correction claim in accordance with §35 I BDSG in the event of unauthorized transmission of customer-related data to a credit agency or another data pool. The customer also has a direct claim to the deletion or blocking pursuant to §35 II and 3 BDSG. Claims for injunctive relief can also be based on §§1004, 823 BGB.

b) Cease and Desist

As far as the (further) inadmissible passing on of data is threatened, there is a right to injunction. In case of danger, the right to injunctive relief can also be secured by a temporary injunction according to §935 ZPO.

c) Damages

The basis for claims for damages is the violation of contractual secondary obligations according to §§280, 241 II, 311 II BGB. In addition, tortious claims exist in accordance with §823 II BGB in connection with §28 BDSG.

However, according to prevailing opinion, banking secrecy does not constitute any other right within the meaning of §823 II BGB.

The amount of damages is based on the differential hypothesis, §249 BGB. The bank shall be liable for the damage that results in comparison to the hypothetical situation of the customer without the unauthorized disclosure of the data.