BANCO BILBAO VIZCAYA ARGENTARIA, S.A. – €70,000 Fine (Spain, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Banco Bilbao Vizcaya Argentaria, S.A. was fined because a third party withdrew €9,400 from a customer's account without permission. The bank failed to properly verify the identity of the person making the withdrawal. This case highlights the importance of strong security measures to protect customer funds.
What happened
A third party withdrew €9,400 from a customer's account without authorization.
Who was affected
The customer whose ID card was lost and whose account was accessed without consent.
What the authority found
The Spanish data protection authority ruled that the bank did not take adequate security measures to verify the customer's identity, violating GDPR's requirements.
Why this matters
This ruling emphasizes that banks must implement strong identity verification processes to protect customer information. Other businesses should review their security protocols to avoid similar issues.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The Spanish DPA has imposed a fine of EUR 70,000 on BANCO BILBAO VIZCAYA ARGENTARIA, S.A.. A customer of the bank had filed a complaint with the DPA. The customer had in the past, in their capacity as an attorney, filed a statement of claim against the bank by their client, also a customer of the bank. The bank had then sent a reply to the client and in it, instead of the professional address of the data subject, the attorney, had inadvertently noted their private address. The DPA firstly found that the bank processed the attorney's personal data in a way that was incompatible with the purposes for which the data were collected (management of their private account). In addition, the DPA found that the unauthorized disclosure of the attorney's personal data occurred due to inadequate technical and organizational measures at the bank.
Related Enforcement Actions (5)
Other enforcement actions involving BANCO BILBAO VIZCAYA ARGENTARIA, S.A. in ES
Fine
€70K
Details
Fine Date
31 October 2022
Authority
Agencia Española de Protección de Datos
Fine Amount
€70,000
Enforcement Tracker ID
ETid-1477
About this data
Cite as: Cookie Fines. BANCO BILBAO VIZCAYA ARGENTARIA, S.A. - Spain (2022). Retrieved from cookiefines.eu
Last updated: