Private individual – €2,000 Fine (Spain, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Spanish individual was fined for sharing staff council meeting minutes with people who weren't supposed to see them. The data protection authority found that the individual didn't have a valid reason to send those emails. This case highlights the importance of keeping sensitive information private and only sharing it with authorized individuals.
What happened
A member of a staff council sent meeting minutes to unauthorized third parties.
Who was affected
Members of the staff council and unauthorized third parties who received the emails.
What the authority found
The authority ruled that the individual lacked a valid legal basis for sending the emails.
Why this matters
This case shows that even individuals can face consequences for mishandling private information. It serves as a reminder for everyone to be cautious about sharing sensitive data.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The Spanish DPA (AEPD) has imposed a fine of EUR 2,000 on a member of a staff council. The individual had sent minutes of staff council meetings to unauthorized third parties that were not members of the staff council. During its investigation, the DPA found that the individual did not have an effective legal basis for sending the emails.
Related Enforcement Actions (20)
Other enforcement actions involving Private individual in ES
Fine
€2K
Details
Fine Date
31 October 2022
Authority
Agencia Española de Protección de Datos
Fine Amount
€2,000
Enforcement Tracker ID
ETid-1476
About this data
Cite as: Cookie Fines. Private individual - Spain (2022). Retrieved from cookiefines.eu
Last updated: