CAIXABANK PAYMENTS & CONSUMER EFC, EP, S.A.U. – €70,000 Fine (Spain, 2023)

€70,000Agencia Española de Protección de Datos21 March 2023Spain
overturned
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Caixabank Payments & Consumer EFC was fined for mishandling a customer's personal data after they were wrongly linked to a debt from an Ikea credit card due to identity theft. This matters because it highlights the importance of properly verifying personal information before processing it. Companies must ensure they have a valid reason to use someone's data.

What happened

Caixabank Payments & Consumer EFC processed a person's data without a valid legal basis after they were a victim of identity theft.

Who was affected

The affected person was a customer who was wrongly associated with a debt for an Ikea credit card they never applied for.

What the authority found

The Spanish data protection authority ruled that Caixabank violated GDPR by processing the customer's personal data without any legal basis.

Why this matters

This ruling emphasizes that companies must carefully check the validity of personal data before using it. It serves as a reminder for businesses to strengthen their data verification processes to avoid similar issues.

GDPR Articles Cited

AI-verified

Art. 6(1) GDPR
View original scraped data
Art. 6(1) GDPR

Original data from scraper before AI verification against source document.

Source verified 12 March 2026
national law identified
Spain enforcementAgencia Española de Protección de Datos actionsAll CAIXABANK PAYMENTS & CONSUMER EFC, EP, S.A.U. actions
Full Legal Summary
Detailed

The Spanish DPA has imposed a fine of EUR 70,000 on CAIXABANK PAYMENTS & CONSUMER EFC, EP, S.A.U.. The data subject had received a message from a debt collection company on behalf of Caixabank requesting payment of outstanding debts. However, the debt had been annulled, which was also confirmed in a court ruling. For this reason, the DPA determined that the disclosure of the data subject's personal data for the purpose of contacting them regarding the settlement of the debt was unlawful.

Related Enforcement Actions (2)

Other enforcement actions involving CAIXABANK PAYMENTS & CONSUMER EFC, EP, S.A.U. in ES

Fine
Oct 2021· Agencia Española de Protección de Datos

The Spanish DPA (AEPD) has imposed a fine of EUR 3,000,000 on CAIXABANK PAYMENTS & CONSUMER EFC, EP, S.A.U.. An individual had filed a complaint again...

€3.0M
Current
Mar 2023

Fine

€70K

Fine
Nov 2023· Agencia Española de Protección de Datos

The Spanish DPA has imposed a fine of EUR 200,000 on CAIXABANK PAYMENTS & CONSUMER EFC, EP, S.A.U.. The controller had included the data subject's per...

€200K

Details

Fine Date

21 March 2023

Authority

Agencia Española de Protección de Datos

Fine Amount

€70,000

Enforcement Tracker ID

ETid-1702

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. CAIXABANK PAYMENTS & CONSUMER EFC, EP, S.A.U. - Spain (2023). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: