I-DE Redes Eléctricas Inteligentes, S.A.U – €200,000 Fine (Spain, 2021)

€200,000Agencia Española de Protección de Datos2 March 2021Spain
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

I-DE Redes Eléctricas Inteligentes was fined EUR 200,000 for sending letters to customers that were unrelated to their contracts. This is significant because it underscores the need for companies to limit data use to its intended purpose.

What happened

The company sent letters to customers with information unrelated to their contracts, violating data use principles.

Who was affected

Customers who received letters about contract breaches and non-payments that were unnecessary.

What the authority found

The Spanish authority found the company violated GDPR by using customer data for purposes not related to their contracts.

Why this matters

This ruling highlights the importance of purpose limitation and data minimization in data processing. Companies should ensure they only use customer data for agreed purposes to avoid penalties.

GDPR Articles Cited

AI-verified

Art. 5(1)(b) GDPR
Art. 5(1)(c) GDPR
Art. 6(1)(b) GDPR
View original scraped data
Art. 5(1)(b) GDPR
c) GDPR
Art. 6(1)(b) GDPR

Original data from scraper before AI verification against source document.

Source verified 6 March 2026
verified correct
Spain enforcementAgencia Española de Protección de Datos actionsAll I-DE Redes Eléctricas Inteligentes, S.A.U actions
Full Legal Summary
Detailed

The Spanish DPA (AEPD) imposed a fine of EUR 200,000 on I-DE Redes Eléctricas Inteligentes, S.A.U. The DPA received complaints from Waitum, S.L. and Servicios Aby 2018, S.L. because their customers had received letters from the controller. Both companies had previously transferred their customers' personal data to the controller under a network access agreement entered into with the controller. Under this agreement, the two companies acted as representatives of their respective customers, who were supplied with electricity by the controller. In the letters sent, the controller mentioned, among other things, alleged breaches of contract and non-payment by the companies to the controller. In the course of its investigations, the DPA determined that the sending of these letters was neither related to nor necessary for the performance of the respective contract. The controller had therefore violated the principles of purpose limitation and data minimization, so that the sending of these letters constituted unlawful processing of the customers' personal data.

Related Enforcement Actions (0)

No other enforcement actions found for I-DE Redes Eléctricas Inteligentes, S.A.U in ES

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

2 March 2021

Authority

Agencia Española de Protección de Datos

Fine Amount

€200,000

Enforcement Tracker ID

ETid-577

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. I-DE Redes Eléctricas Inteligentes, S.A.U - Spain (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: