Peak PrivacyPEAK PRIVACY
Upcoming

€12.5 Million for an SDK — When Compliance Arguments Meet Technical Reality

A Conversation with Charlotte Bagger Tranberg On The Role of Compliance- and Legal Tech

60 minutes

Italy fined two banking apps €12.5 million. Not for a breach. For how a software component was designed to work on users' phones. The companies had compliance arguments. The regulator had the technical evidence. In this conversation, Charlotte Tranberg Bagger and Vibeke Specht explore what happens when compliance documentation and technical reality don't match — and why legal expertise alone can no longer close the gap.

€12.5 Million for an SDK — When Compliance Arguments Meet Technical Reality

Register for this webinar

Fill out the form below to reserve your spot.

By registering, your name, email address (and company, if you share this) will be stored in our system in order to send you the stream link and event reminders for this webinar. See more in our Privacy Policy.

Already registered?

Enter your email to sign in and access the webinar.

The Future of Privacy

The Future of Privacy is the theme of a webinar series developed in collaboration with Eyd and Personverndagene. We will air approximately one webinar per month until Personverndagene kicks off in mid-September 2026.

Agenda

Earlier this spring, Italy's data protection authority fined the owners of two mobile banking apps a combined €12.5 million. Not for a breach. For how a component used in both apps was designed to work on users' phones. The companies had compliance arguments. They pointed to security regulations around EU payments. They said the data collection was necessary for fraud prevention. The Garante looked at what the app actually did on users' phones and found it disproportionate.

This case is a reminder that compliance documentation and technical reality don't always match. 

In this conversation we will explore:

  1. What actually happened in the Italian Poste case, and why the compliance arguments didn't hold up
  2. The structural blind spot: why traditional compliance work — policies, DPIAs, vendor contracts — struggles to catch what software components are doing on a user's device
  3. Where legal advisory ends and compliance technology begins
  4. What it takes for a GDPR specialist with 20+ years of experience to decide that legal expertise alone isn't enough — and start building software
  5. Where compliance and legal tech is heading, and what it means for organisations that still rely on self-declarations and manual assessments

Guest

Charlotte Bagger Tranberg, PhD

Charlotte Bagger Tranberg, PhD

CEO & Founder

20+ years in data protection law. One of Denmark's leading GDPR experts, now building legal tech to bridge the gap between regulatory frameworks and operational reality.

Host

Vibeke Specht

Vibeke Specht

Co-Founder of Peak Privacy

CIPP/E certified privacy professional and author of "From GDPR Confusion to Privacy First Marketing".