Search Privacy Fines

Browse and filter privacy enforcement fines worldwide.

← Back to Overview

Regulation

Country

Year

Min Fine (USD)

Sort

663 fines found

Total: $51.8M

Date	Company	Fine	Regulation	Authority	Country	Type	Summary
2022-05-18	Google	€10.0M	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Non-compliance with lawful basis for data processing	-- Articles: Art. 6 GDPR, Art. 17 GDPR
2021-01-13	Caixabank S.A.	€6.0M	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Failure to comply with data processing principles	-- Articles: Art. 6 GDPR, Art. 13 GDPR, Art. 14 GDPR
2020-12-11	Banco Bilbao Vizcaya Argentaria, S.A.	€5.0M	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Failure to comply with data processing principles	-- Articles: Art. 6 GDPR, Art. 13 GDPR
2022-02-01	Vodafone Espana, S.A.U.	€3.9M	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Non-compliance with lawful basis for data processing	-- Articles: Art. 5 (1) f) GDPR, Art. 5 (2) GDPR
2021-10-21	Caixabank Payments & Consumer EFC, EP, S.A.U.	€3.0M	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Failure to comply with data processing principles	-- Articles: Art. 6 (1) GDPR
2021-07-26	Mercadona S.A.	€2.5M	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Failure to comply with data processing principles	-- Articles: Art. 5 (1) c) GDPR, Art. 6 GDPR, Art. 9 GDPR, Art. 12 GDPR, Art. 13 GDPR, Art. 25 (1) GDPR, Art. 35 GDPR
2022-02-11	Amazon Road Transport Spain S.L.	€2.0M	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Failure to comply with data processing principles	-- Articles: Art. 6 (1) GDPR, Art. 10 GDPR, Art. 10 LOPDGDD
2022-02-01	TELEFONICA MOVILES ESPANA, S.A.U.	€900K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Non-compliance with lawful basis for data processing	-- Articles: Art. 5 (1) f) GDPR
2022-02-01	Orange Espagne, S.A.U.	€700K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Non-compliance with lawful basis for data processing	-- Articles: Art. 5 (1) f) GDP
2022-10-31	TECHPUMP SOLUTIONS, S.L.	€525K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Several	-- Articles: Art. 5 (1) a), b), e) GDPR, Art. 6 (1) GDPR, Art. 8 GDPR, Art. 12 (1), (2) GDPR, Art. 13 GDPR, Art. 25 GDPR, Art. 30 (1) GDPR, Art. 22 (2) LSSI
2019-06-11	Professional Football League (LaLiga)	€250K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Information obligation non-compliance	A fine was issued to the National Football League (LaLiga) because it had failed... A fine was issued to the National Football League (LaLiga) because it had failed to inform users of the implications contained within the app it offered. This app remotely accessed the users’ microphones once every minute to check pubs screening football matches. The AEPD thinks that the users were not sufficiently informed of this. Moreover, the users did not have the adequate possibility to withdraw their consent, once given. Articles: Art. 5 (1) a), Art. 7 (3) GDPR
2019-06-11	Professional Football League (LaLiga)	€250K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Information obligation non-compliance	-- Articles: Art. 5 (1) a), Art. 7 (3) GDPR
2023-05-03	GSMA LTD.	€200K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Failure to implement sufficient measures to ensure information security	-- Articles: Art. 35 GDPR
2022-02-01	XFERA MOVILES, S.A.	€200K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Non-compliance with lawful basis for data processing	-- Articles: Art. 5 (1) f) GDPR
2022-04-11	BASER COMERCIALIZADORA DE REFERENCIA, S.A.	€150K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Non-compliance with lawful basis for data processing	-- Articles: Art. 6 GDPR, Art. 32 GDPR
2023-03-15	Vodafone Espana, S.A.U.	€136K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Non-compliance with lawful basis for data processing	-- Articles: Art. 6 GDPR, Art. 32 GDPR
2022-07-13	DKV Seguros y Reaseguros, S.A.E.	€132K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Failure to comply with data processing principles	-- Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR, Art. 33 GDPR
2021-08-25	Banco Bilbao Vizcaya Argentaria, S.A.	€120K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Failure to implement sufficient measures to ensure information security	-- Articles: Art. 32 GDPR
2020-02-27	Vodafone España	€120K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Non-compliance with lawful basis for data processing	The company was not able to prove that an individual had given them consent to a... The company was not able to prove that an individual had given them consent to access and process their personal data with the goal of opening a telephone contract. The AEPD further explained that the company unlawfully disclosed the affected person’s personal data to third party credit agencies. Articles: Art. 5 GDPR
2020-02-27	Vodafone España	€120K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Non-compliance with lawful basis for data processing	-- Articles: Art. 5 GDPR
2023-04-13	Vodafone Espana, S.A.U.	€112K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Non-compliance with lawful basis for data processing	-- Articles: Art. 6 (1) GDPR
2023-03-16	ORANGE ESPAGNE S.A.U.	€100K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Failure to comply with data processing principles	-- Articles: Art. 5 (1) c) GDPR
2022-12-28	Vodafone Espana, S.A.U.	€100K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Non-compliance with lawful basis for data processing	-- Articles: Art. 6 (1) GDPR
2021-08-03	Vodafone Espana, S.A.U.	€96K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Failure to comply with data processing principles	-- Articles: Art. 6 (1) GDPR, Art. 17 GDPR
2023-04-04	BANCO BILBAO VIZCAYA ARGENTARIA, S.A	€84K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Non-compliance with lawful basis for data processing	-- Articles: Art. 6 (1) GDPR, Art. 15 GDPR

Page 1 of 27Next