Excerpt from TEISS Article, Published on October 20, 2025
The Dutch Data Protection Authority (AP) has imposed a €2.7 million fine on Experian for violating the General Data Protection Regulation (GDPR) by unlawfully collecting and processing personal data. According to the regulator, Experian used data from both public and private sources to create detailed consumer credit profiles without properly notifying individuals or obtaining valid consent.
Investigations revealed that Experian aggregated sensitive information, including payment histories, outstanding debts, and bankruptcy records. This data was then shared with multiple businesses such as telecom providers, online retailers, and energy companies to assess customer creditworthiness. However, the AP found that the company failed to inform individuals about how their personal data was being used, nor did it provide a clear mechanism for them to access, verify, or dispute their information.
The regulator emphasized that transparency and consent are fundamental to GDPR compliance. Experian’s practices, which lacked these key elements, were deemed a significant breach of trust and a violation of individuals’ privacy rights. The AP also noted that this failure undermines the confidence people place in organizations handling sensitive financial data.
Following the ruling, Experian accepted the decision and confirmed it would not appeal. The company announced plans to cease its credit scoring operations in the Netherlands and pledged to delete all affected data by the end of 2025. In addition, Experian stated that it is reinforcing its data protection framework across its European branches to align with GDPR standards and prevent future compliance issues.
This case highlights the increasing regulatory scrutiny on how companies handle personal information and the growing financial risks of noncompliance. It serves as a reminder that even established global firms must uphold transparency, obtain proper consent, and prioritize privacy in all data processing activities.
To delve deeper into this topic, visit TEISS.
