Homeowners Association – €15,000 Fine (Spain, 2021)

€15,000Agencia Española de Protección de Datos9 March 2021Spain
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A homeowners association in Spain was fined EUR 15,000 for posting meeting records in a building elevator. This exposed personal details like names and apartment numbers, violating privacy rules. The case highlights the importance of protecting personal information even in community settings.

What happened

The homeowners association publicly displayed meeting records with personal details in a building elevator.

Who was affected

Residents of the building whose names, floors, and apartment numbers were revealed.

What the authority found

The Spanish DPA ruled that displaying personal details in public violated GDPR's integrity and confidentiality principles.

Why this matters

This case reminds community organizations to handle personal data with care and avoid public disclosures that could breach privacy laws.

GDPR Articles Cited

Art. 5(1)(f) GDPR
Spain enforcementAgencia Española de Protección de Datos actionsAll Homeowners Association actions
Full Legal Summary
Detailed

The Spanish DPA (AEPD) imposed a fine of EUR 15,000 on a homeowners' association. The controller had publicly displayed the record of a homeowners' meeting in the elevator of the building where the participants lived. From the records, the names, floors and apartment numbers of the meeting participants could be obtained, as well as the floors and apartment numbers of neighbors about whom the participants had complained during the meeting. The controller had justified the public notice with the fact that the results of this meeting concerned planned legal actions against some of the residential parties. They were to be informed about this so that they would not be able to claim later that they had not received the relevant notifications. The DPA considers this to be a violation of Art. 5 (1) f) GDPR, which refers to the principles of integrity and confidentiality of personal data.

Related Enforcement Actions (5)

Other enforcement actions involving Homeowners Association in ES

Fine
Nov 2020· Agencia Española de Protección de Datos

Usage of CCTV camera systems that were also monitoring public space (breach of principle of data minimization).

€2K
Current
Mar 2021

Fine

€15K

Fine
May 2021· Agencia Española de Protección de Datos

Video surveillance of public space and thus violation of the principle of data minimization. Furthermore: Violation of information obligations, as ins...

€3K
Fine
May 2022· Agencia Española de Protección de Datos

The Spanish DPA (AEPD) has imposed a fine of EUR 6,000 on a homeowners' association. An apartment owner who had been a resident for 15 years had filed...

€6K
Fine
Oct 2022· Agencia Española de Protección de Datos

The Spanish DPA has imposed a fine of EUR 600 on a homeowners' association. The controller had installed a video surveillance system that recorded bot...

€600
Fine
Dec 2022· Agencia Española de Protección de Datos

The Spanish DPA has imposed a fine of EUR 2,000 on a homeowners' association. An individual who did cleaning work in the residential complex had filed...

€2K

Details

Fine Date

9 March 2021

Authority

Agencia Española de Protección de Datos

Fine Amount

€15,000

Enforcement Tracker ID

ETid-585

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Homeowners Association - Spain (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: