Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
663 fines found
Total: $51.8M
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2020-10-28 | Vodafone España, SAU | €36K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2020-12-21 | Banco Bilbao Vizcaya Argentaria, S.A. | €36K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 (1) d) GDPR |
| 2020-11-19 | Vodafone España, SAU | €36K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2019-04-01 | Vodafone Espana | €36K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | The company had sent a number of emails to a significant number of recipients wi...The company had sent a number of emails to a significant number of recipients without using the BCC feature that would have hid the email addresses of all the recipients from each other. The original fine was set at €60,000 but reduced to €36,000. Articles: Art. 5 (1) f) GDPR |
| 2019-10-25 | Vodafone Espana | €36K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2019-10-25 | Vodafone Espana | €36K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | Vodafone Espana called the complainant to offer its services but the data subjec...Vodafone Espana called the complainant to offer its services but the data subject refused. His personal data had been acquired by the company through his daughter. Despite his refusal, Vodafone Espana provided the services and demanded payment for them. Therefore, the company had unlawfully processed the complainant’s personal data without express consent. Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2022-10-17 | OES GLOBAL ENERGY S.L. | €35K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2022-09-28 | BAYARD REVISTAS, S.A. | €31K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR, Art. 33 GDPR |
| 2021-11-15 | Vodafone Espana, SAU | €30K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 6 (1) GDPR |
| 2019-11-14 | Telefónica SA | €30K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | A person was charged by the phone operator Telefónica for a telephone service th...A person was charged by the phone operator Telefónica for a telephone service that they never requested and owned. This happened because the bank account of the affected person was linked to the Telefónica profile of another person and as such the fees for the service were deduced from the affected person’s account. The AEDP ruled that this was against the principles described by article 5 of GDPR. Articles: Art. 5 GDPR |
| 2021-10-08 | Orange Espagne, SAU | €30K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 6 (1) a) GDPR |
| 2019-10-01 | Vueling Airlines | €30K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | Vueling Airlines made it impossible for users to access their website without ac...Vueling Airlines made it impossible for users to access their website without accepting the cookies. Therefore, one couldn’t browse the website unless they accepted the cookies. The AEPD sanctioned the company with 30.000 euros Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2019-06-24 | Vodafone Espana | €30K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2020-02-14 | Xfera Moviles S.A. | €30K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2022-06-23 | RADIO TELEVISION MADRID, S.A. | €30K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 (1) c) GDPR |
| 2019-01-01 | Vodafone Espana, S.A.U. | €30K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2020-02-14 | Xfera Moviles S.A. | €30K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to implement sufficient measures to ensure information security | The Spanish Data Protection Authority determined that a customer of the company ...The Spanish Data Protection Authority determined that a customer of the company had access to the personal data of other customers. Articles: Art. 32 GDPR |
| 2023-02-22 | DISPLAY CONNECTORS, S.L. | €30K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 (1) c) GDPR |
| 2022-12-15 | ORANGE ESPAGNE, S.A.U. | €30K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 (1) GDPR |
| 2020-03-18 | Telefonica | €30K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-cooperation with Data Protection Authority | --Articles: Art. 58 GDPR |
| 2020-11-03 | Vodafone España, SAU | €30K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2019-11-14 | Telefónica SA | €30K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR |
| 2019-10-01 | Vueling Airlines | €30K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2019-06-24 | Vodafone Espana | €30K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to implement sufficient measures to ensure information security | The personal data of a customer was disclosed to a different customer through SM...The personal data of a customer was disclosed to a different customer through SMS. The original fine of €50,000 was reduced to €20,000. Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2022-06-23 | CORPORACION DE RADIO Y TELEVISION ESPANOLA, S.A. | €30K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 (1) c) GDPR |