Banco Bilbao Vizcaya Argentaria, SA – €24,000 Fine (Spain, 2020)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
BBVA was fined for using personal credit information without having a proper reason. This is important because it shows that companies need a valid basis to handle sensitive data like credit information. The fine emphasizes the need for clear data processing rules.
What happened
BBVA processed credit information without a legitimate basis.
Who was affected
Individuals whose credit information was processed by BBVA without a prior contractual relationship.
What the authority found
The Spanish data protection authority ruled that BBVA violated GDPR by processing personal data without a valid legal basis.
Why this matters
This decision highlights the importance of having a clear legal basis for processing sensitive data. Companies should ensure they have proper agreements or consent before handling such information.
GDPR Articles Cited
BBVA had no legitimate basis for processing the data of the data subject and had therefore infringed Article 6(1) of the GDPR, since the company processed solvency and credit information files without a prior contractual relationship with the data subject.
Related Enforcement Actions (0)
No other enforcement actions found for Banco Bilbao Vizcaya Argentaria, SA in ES
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
20 July 2020
Authority
Agencia Española de Protección de Datos
Fine Amount
€24,000
Enforcement Tracker ID
ETid-345
About this data
Cite as: Cookie Fines. Banco Bilbao Vizcaya Argentaria, SA - Spain (2020). Retrieved from cookiefines.eu
Last updated: