Banco Bilbao Vizcaya Argentaria, S.A. – €36,000 Fine (Spain, 2020)

€36,000Agencia Española de Protección de Datos21 December 2020Spain
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Spanish DPA fined BBVA EUR 36,000 for wrongly claiming a person owed them money and sharing their data with a debt collector. This case is important because it underscores the need for accurate data handling by financial institutions.

What happened

BBVA incorrectly claimed a person owed them money and shared their data with a debt collection agency.

Who was affected

An individual mistakenly contacted by BBVA and a debt collection agency for a non-existent debt.

What the authority found

The Spanish authority fined BBVA for not ensuring data accuracy, violating GDPR Article 5(1)(d).

Why this matters

This case highlights the importance of data accuracy and the potential consequences of mishandling personal information. Financial institutions should ensure they verify data before taking action that could affect individuals.

GDPR Articles Cited

Art. 5(1)(d) GDPR
Spain enforcementAgencia Española de Protección de Datos actionsAll Banco Bilbao Vizcaya Argentaria, S.A. actions
Full Legal Summary
Detailed

The Spanish DPA (AEPD) fined the financial and credit institution Banco Bilbao Vizcaya Argentaria, S.A. (BBVA) with a fine in the amount of EUR 36,000. The BBVA asked the data subject to settle debts with the BBVA, although the data subject did not have any debts with the bank. As a result, BBVA had transmitted the personal data of the data subject to the debt collection company Multigestión Iberia, S.L., which, over a period of several months, contacted the data subject by telephone and e-mail on behalf of BBVA and requested the payment. The data subject then demanded the erasure of his/her data from BBVA. However, the controller refused to do so.

Related Enforcement Actions (2)

Other enforcement actions involving Banco Bilbao Vizcaya Argentaria, S.A. in ES

Fine
Dec 2020· Agencia Española de Protección de Datos

The Spanish DPA (AEPD) fined Banco Bilbao Vizcaya Argentaria, S.A. EUR 5,000,000 for violating Art. 6 GDPR (EUR 3,000,000) and Art. 13 GDPR (EUR 2,000...

€5.0M
Current
Dec 2020

Fine

€36K

Fine
Sept 2023· Agencia Española de Protección de Datos

In July 2021, the data subject lost his ID card. A third party went to his bank with the ID card and withdrew all the money available in the account, ...

€70K

Details

Fine Date

21 December 2020

Authority

Agencia Española de Protección de Datos

Fine Amount

€36,000

Enforcement Tracker ID

ETid-496

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Banco Bilbao Vizcaya Argentaria, S.A. - Spain (2020). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: