Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
663 fines found
Total: $51.8M
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2022-11-15 | BANKINTER, S.A. | €80K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) f) GDPR, Art. 32 (1) GDPR |
| 2020-02-14 | Iberdrola Clientes | €80K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR |
| 2020-07-20 | Orange Espagne S.A.U. | €80K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2022-11-03 | Burwebs S.L. | €75K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 (1) a), b), e) GDPR, Art. 12 (2) GDPR, Art. 13 GDPR, Art. 25 GDPR, Art. 30 (1) GDPR, Art. 22 (2) LSSI |
| 2020-02-03 | Vodafone España, S.A.U. | €75K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2020-02-03 | Vodafone España, S.A.U. | €75K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | A former customer of the company continued to receive invoice notices even after...A former customer of the company continued to receive invoice notices even after the contractual obligation between the two parties has ended. The company indicated a technical error for the issuing of the unsolicited notices. Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2020-02-03 | Vodafone España, S.A.U. | €75K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2020-01-07 | EDP España S.A.U. | €75K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | The company was fined because it processed personal data such as name, tax ident...The company was fined because it processed personal data such as name, tax identification number, address and phone number without the consent of the affected individuals. Articles: Art. 6 GDPR |
| 2020-01-07 | EDP España S.A.U. | €75K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR |
| 2021-01-21 | Telefónica Móviles España, SAU | €75K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 6 (1) GDPR |
| 2020-01-07 | EDP Comercializadora, S.A.U. | €75K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | The company was fined because it processed personal data in regards to a gas con...The company was fined because it processed personal data in regards to a gas contract without the applicants’ consent. The investigation revealed that the applicant received an invoice for the supplying of natural gas, a contract which they didn’t sign. EDP Comercializadora argued that since the applicant had a contract with another gas company with which EDP Comercializadora had a collaboration agreement, it was justified to process the personal data of the respective individuals. The AEPD, however, ruled that the company was required to receive permission directly from the affected individuals to process personal data. Articles: Art. 6 GDPR |
| 2019-11-28 | Curenergía Comercializador de último recurso | €75K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR |
| 2020-02-03 | Vodafone España, S.A.U. | €75K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | Vodafone España has signed a contract regarding the transfer of a phone subscrip...Vodafone España has signed a contract regarding the transfer of a phone subscription with a third party person without the account holder’s knowledge or permission. The account holder received an email from the third party regarding the purchase that was made in his name. Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2020-11-05 | Telefonica Moviles Espana, S.A.U. | €75K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2020-07-23 | Telefónica Móviles España, SAU | €75K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2020-06-15 | Xfera Moviles S.A. | €75K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 6 GDPR |
| 2019-11-28 | Curenergía Comercializador de último recurso | €75K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | A private individual complained that the company had used their personal data th...A private individual complained that the company had used their personal data that included their first and last name, address and VAT number in order to open an electricity supply contract. The individual was a former customer of the company, and as such the company was not allowed anymore to reuse the former customer’s data without their permission. Articles: Art. 6 GDPR |
| 2020-09-01 | Telefónica Móviles España, SAU | €75K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2020-01-07 | EDP Comercializadora, S.A.U. | €75K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR |
| 2020-06-09 | Equifax Iberica, S.L. | €75K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 15 GDPR |
| 2022-10-31 | BANCO BILBAO VIZCAYA ARGENTARIA, S.A. | €70K | GDPR | Slovak Data Protection Office | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) b) GDPR, Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2023-04-24 | Telefonica Moviles Espana, S.A.U. | €70K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 6 (1) GDPR |
| 2022-02-01 | ORANGE ESPANA VIRTUAL, S.L. | €70K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) f) GDPR |
| 2021-10-19 | Vodafone Espana, S.A.U. | €70K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 21 GDPR, Art. 21 LSSI |
| 2023-04-25 | DIGI SPAIN TELECOM, S.L. | €70K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 6 (1) GDPR |