Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
663 fines found
Total: $51.8M
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2021-01-21 | Alterna Operador Integral S.L. | €50K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 6 (1) b) GDPR |
| 2020-10-26 | Conseguridad SL | €50K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | No data protection officer appointed | --Articles: Art. 37 GDPR |
| 2019-06-24 | Vodafone ONO | €48K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to implement sufficient measures to ensure information security | A technical error allowed customers to view the personal data of other customers...A technical error allowed customers to view the personal data of other customers on the company’s website’s customer area. The original fine of €60,000 was reduced to €48,000. Articles: Art. 32 GDPR |
| 2022-11-11 | Banco Bilbao Vizcaya Argentaria S.L. | €48K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2019-05-06 | Telefónica SA | €48K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) a) GDPR |
| 2019-05-06 | Telefónica SA | €48K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | A customer complained that their bank account was charged for two invoices for t...A customer complained that their bank account was charged for two invoices for the services the customer has purchased but on the invoices, the personal details of a third party person were displayed. Initially, the fine was determined to be €60,000 but was reduced to €48,000. Articles: Art. 5 (1) a) GDPR |
| 2020-02-25 | HM Hospitales | €48K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | An individual reported that at the time of their admission to the hospital they ...An individual reported that at the time of their admission to the hospital they had to fill in a form that had a checkbox that indicated that if the checkbox is not ticked, the hospital can transfer the person’s private data to third parties. The data protection authority argued that this form was not in accordance with the GDPR because consent was to be obtained from the inactivity of the affected person. Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2022-08-28 | NATURGY ENERGY GROUP, S.A. | €48K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to implement sufficient measures to ensure information | --Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2019-06-24 | Vodafone ONO | €48K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2020-02-28 | Vodafone ONO | €48K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2020-02-25 | HM Hospitales | €48K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2020-02-28 | Vodafone ONO | €48K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to implement sufficient measures to ensure information security | The company was fined due to several deficiencies in information security. Two c...The company was fined due to several deficiencies in information security. Two clients of the company had received the same security access key, allowing to view each others’ personal details. Articles: Art. 32 GDPR |
| 2021-07-12 | Telefonica Moviles Espana, S.A.U. | €45K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR |
| 2020-07-31 | Vodafone España SAU | €45K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2020-01-07 | Vodafone Espana | €44K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | The company was fined because it sent a contract that included the name and addr...The company was fined because it sent a contract that included the name and address and contact details of a client to a third party by accident. Articles: Art. 5 (1) f) GDPR |
| 2020-01-07 | Vodafone Espana | €44K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 (1) f) GDPR |
| 2020-11-11 | Vodafone España, SAU | €42K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2022-05-17 | Vodafone Espana, S.A.U. | €42K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 6 (1) GDPR |
| 2022-05-24 | Alquiler Seguro SA | €42K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 6 (1) GDP |
| 2020-11-16 | Vodafone España, SAU | €42K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2020-03-03 | Vodafone España | €42K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2020-02-14 | Vodafone España | €42K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to implement sufficient measures to ensure information security | An individual reported having had access to the personal data to third parties i...An individual reported having had access to the personal data to third parties in their personal Vodafone profile. Articles: Art. 32 GDPR |
| 2020-03-03 | Vodafone España | €42K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to implement sufficient measures to ensure information security | A client’s personal data was accessed without authorization. The AEPD expl...A client’s personal data was accessed without authorization. The AEPD explained that this happened due to lack of technical and organizational measures taken by the company to ensure information security. Articles: Art. 32 GDPR |
| 2022-08-02 | Banco Bilbao Vizcaya Argentaria S.L. | €42K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR |
| 2020-02-14 | Vodafone España | €42K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |