Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
663 fines found
Total: $51.8M
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2020-07-23 | Telefónica Móviles España, SAU | €70K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2022-02-01 | ORANGE ESPANA VIRTUAL, S.L. | €70K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) f) GDPR |
| 2022-11-03 | UNITED PARCEL SERVICE ESPANA LTD Y COMPANIA SRC | €70K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2021-10-19 | Vodafone Espana, S.A.U. | €70K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 21 GDPR, Art. 21 LSSI |
| 2022-10-31 | BANCO BILBAO VIZCAYA ARGENTARIA, S.A. | €70K | GDPR | Slovak Data Protection Office | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) b) GDPR, Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2021-10-26 | Vodafone Espana, S.A.U. | €64K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 6 (1) GDPR |
| 2022-10-09 | EVERIS SPAIN S.L. | €64K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2020-02-03 | Vodafone España, S.A.U. | €60K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2019-11-19 | Xfera Moviles S.A. | €60K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to implement sufficient measures to ensure information security | A private individual received an SMS from Xfera Móviles which was actually addre...A private individual received an SMS from Xfera Móviles which was actually addressed to a different person and which included personal details of that third party person. The information included personal details as well as login details to the Xfera Móviles website for the third party person. Articles: Art. 32 GDPR |
| 2020-02-03 | Vodafone España, S.A.U. | €60K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | A customer complained that the company had processed their personal data without...A customer complained that the company had processed their personal data without their consent because an email was sent to them on behalf of a company regarding the purchase of a service that was actually not bought by the respective individual. The personal details of the individuals were incorporated into Vodafone España’s systems without the consent of that individual. Initially, the fine was determined to be €100,000 but was reduced to €60,000. Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2020-09-17 | Vodafone España, SAU | €60K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2019-11-21 | Viaqua Xestión SA | €60K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR |
| 2020-07-22 | GLP Instalaciones 86, SL | €60K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2020-09-22 | GLP Instalaciones 86, SL | €60K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2019-08-16 | Avon Cosmetics | €60K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR |
| 2021-07-27 | PRA Iberia S.L. | €60K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 6 (1) GDPR, Art. 15 GDPR |
| 2019-11-19 | Corporacion RTVE | €60K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2019-11-19 | Xfera Moviles S.A. | €60K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| -- | ENDESA | €60K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) f) GDPR |
| 1970-01-01 | ENDESA | €60K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | ENDESA erroneously charged the claimant’s bank account, as the beneficiary of th...ENDESA erroneously charged the claimant’s bank account, as the beneficiary of the energy supply company’s services was a third party. Upon request of the claimant that her data be deleted, ENDESA handled the data improperly and mistakenly sent it to the third party. Therefore, the AEPD considered that ENDESA had breached the confidentiality principle. It’s worth noting that the third party had been given a 2-year restraining order regarding the data subject. Articles: Art. 5 (1) f) GDPR |
| 2019-11-21 | Viaqua Xestión SA | €60K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | A third party had access to and modified the personal data of a customer that wa...A third party had access to and modified the personal data of a customer that was included in a contract. The third party had no legal basis to access the data. Articles: Art. 6 GDPR |
| 2021-03-16 | Vodafone Espana | €60K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 6 (1) GDPR |
| 2019-10-23 | Vodafone Espana, S.A.U. | €60K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) f) GDPR |
| 2020-02-03 | Xfera Moviles S.A. | €60K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | The Spanish Data Protection Authority revealed that Xfera Moviles S.A. has unlaw...The Spanish Data Protection Authority revealed that Xfera Moviles S.A. has unlawfully processed data that included bank details, customer address as well as name of various individuals. Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2020-09-25 | Xfera Moviles S.A. | €60K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR |