BANCO BILBAO VIZCAYA ARGENTARIA, S.A. – €120,000 Fine (Spain, 2024)

€120,000Agencia Española de Protección de Datos12 June 2024Spain
reduced
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Banco Bilbao Vizcaya Argentaria, S.A. was fined for mishandling a customer's personal data. The bank proposed including the customer's data in a credit file without properly notifying them, which led to the customer not receiving important information. This case emphasizes the need for companies to communicate clearly with customers about their data.

What happened

The bank proposed to include a customer's personal data in a solvency file without properly notifying them.

Who was affected

A customer whose personal data was mishandled by the bank.

What the authority found

The authority found that the bank failed to properly inform the customer, violating data protection rules.

Why this matters

This ruling highlights the importance of clear communication with customers regarding their personal data. Companies must ensure they provide proper notifications to avoid similar issues.

GDPR Articles Cited

AI-verified

Art. 5(1)(d) GDPR
View original scraped data
Art. 5(1) d) GDPR

Original data from scraper before AI verification against source document.

Source verified 10 March 2026
national law identified
Spain enforcementAgencia Española de Protección de Datos actionsAll BANCO BILBAO VIZCAYA ARGENTARIA, S.A. actions
Full Legal Summary
Detailed

The Spanish DPA has imposed a fine on BANCO BILBAO VIZCAYA ARGENTARIA, S.A.. A data subject had filed a complaint with the DPA because the controller had proposed to a credit reference agency to include their personal data in a solvency file without being properly informed in advance. It turned out that the controller had provided an incorrect address and the data subject had therefore not received any notification. The original fine of EUR 200,000 was reduced to EUR 120,000 due to the voluntary payment and the acknowledgement of responsibility.

Related Enforcement Actions (5)

Other enforcement actions involving BANCO BILBAO VIZCAYA ARGENTARIA, S.A. in ES

Fine
Jul 2021· Agencia Española de Protección de Datos

On 13 November 2022, a data subject filed a complaint with the Spanish DPA (AEPD) against Banco Bilbao Vizcaya Argentaria, S.A. (the controller). The ...

€120K
Fine
Oct 2022· Agencia Española de Protección de Datos

The Spanish DPA has imposed a fine of EUR 70,000 on BANCO BILBAO VIZCAYA ARGENTARIA, S.A.. A customer of the bank had filed a complaint with the DPA. ...

€70K
Fine
Apr 2023· Agencia Española de Protección de Datos

The Spanish DPA has imposed a fine on BANCO BILBAO VIZCAYA ARGENTARIA, S.A.. During its investigation, the DPA found that the controller had registere...

€84K
Fine
Oct 2023· Agencia Española de Protección de Datos

The Spanish DPA has fined BANCO BILBAO VIZCAYA ARGENTARIA, S.A. EUR 800,000. A customer had lost her handbag, which also contained her bank card. The ...

€800K
Current
Jun 2024

Fine

€120K

Fine
Apr 2025· Agencia Española de Protección de Datos

The Spanish DPA has imposed a fine on BANCO BILBAO VIZCAYA ARGENTARIA, S.A. A customer of the bank had lodged a complaint with the DPA because the con...

€120K

Details

Fine Date

12 June 2024

Authority

Agencia Española de Protección de Datos

Fine Amount

€120,000

Enforcement Tracker ID

ETid-2379

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. BANCO BILBAO VIZCAYA ARGENTARIA, S.A. - Spain (2024). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: