Comercio Online Levante, S.L. – €3,000 Fine (Spain, 2020)

€3,000Agencia Española de Protección de Datos2 December 2020Spain
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Comercio Online Levante, S.L. mishandled customer data by allowing one client to access another client's account. This breach of confidentiality matters because it shows the importance of protecting personal information online.

What happened

A customer was able to access another customer's account due to a data breach.

Who was affected

Clients of Comercio Online Levante, S.L. whose personal data was exposed.

What the authority found

The Spanish data protection authority found that Comercio Online Levante, S.L. violated GDPR by failing to keep personal data confidential and not having adequate security measures.

Why this matters

This case highlights the need for online businesses to implement strong security measures to protect user data. It serves as a reminder that companies can be held accountable for data breaches.

GDPR Articles Cited

AI-verified

Art. 5(1)(f) GDPR
Art. 32(1) GDPR
View original scraped data
Art. 5(1)(f) GDPR
Art. 32(1) GDPR

Original data from scraper before AI verification against source document.

Source verified 15 March 2026
verified correct
Spain enforcementAgencia Española de Protección de Datos actionsAll Comercio Online Levante, S.L. actions
Full Legal Summary
Detailed

When a client tried to access their user account on the website of Comercio Online Levante, S.L., they were directed to the account if another client, therefore having access to the data of such client. The claimant sent an email sent to the online shop informing of the incident but received no answer, so they filed a complaint with the AEPD describing the incident. Did Comercio Online Levante, S.L. infringe the principle of confidentiality established by Article 5(1)(f) GDPR? Was there a personal data breach? The AEPD considered that there was an infringement of Article 5(1)(f), as there was a leak of personal data without the consent of the data subject. Additionally, they considered that there was an infringement of Article 32(1), as they concluded that the online shop did not have the appropriate technical and organisational measures in place to ensure an adequate level of protection. For this, the AEPD fined Comercio Online Levante, S.L.: * for the infringement of Article 5(1)(f), €2,000. * for the infringement of Article 32(1), €1,000.

Related Enforcement Actions (0)

No other enforcement actions found for Comercio Online Levante, S.L. in ES

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

2 December 2020

Authority

Agencia Española de Protección de Datos

Fine Amount

€3,000

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Comercio Online Levante, S.L. - Spain (2020). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: