Equifax Iberica S.L. – €50,000 Fine (Spain, 2021)

€50,000Agencia Española de Protección de Datos10 March 2021Spain
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Equifax Iberica S.L. was fined EUR 50,000 by Spain's data protection authority for adding a person to a debtor list without informing them. The company failed to notify the person that non-payment could lead to being listed as a debtor. This case underscores the importance of transparency when processing personal data.

What happened

Equifax Iberica S.L. added a person to a debtor list without informing them beforehand.

Who was affected

A person with outstanding rent payments who was added to a debtor register without prior notice.

What the authority found

The authority found that Equifax Iberica S.L. processed personal data without a valid legal basis, as they did not inform the person about the debtor listing.

Why this matters

This case highlights the necessity for companies to clearly communicate with individuals about how their data will be used, especially in situations that could affect their financial standing. Businesses must ensure they have a legitimate interest and inform individuals accordingly.

GDPR Articles Cited

Art. 6(1)(f) GDPR
Spain enforcementAgencia Española de Protección de Datos actionsAll Equifax Iberica S.L. actions
Full Legal Summary
Detailed

The Spanish DPA (AEPD) fined Equifax Iberica S.L. EUR 50,000 for a violation of Art. 6 (1) f) GDPR. The controller had added the data subject to a debtor register without informing her beforehand. The data subject had outstanding payments of rent with her landlord, who had previously sent her corresponding requests for payment. The controller itself had also sent notices to the data subject requesting her to pay the debts. These, however, did not contain any information that the data subject would be entered in the debtors' register in the event of non-payment. Also, the rental contract of the data subject did not contain any provisions in this regard, which led the DPA to conclude that the controller did not have a legitimate interest within the terms of the GDPR and thus had processed the personal data of the data subject without a legal basis.

Related Enforcement Actions (1)

Other enforcement actions involving Equifax Iberica S.L. in ES

Current
Mar 2021

Fine

€50K

Fine
Apr 2021· Agencia Española de Protección de Datos

The Spanish DPA (AEPD) has imposed a fine of EUR 1,000,000 on Equifax Ibérica, SL. A total of 96 complaints were filed with the DPA against the contro...

€1.0M

Details

Fine Date

10 March 2021

Authority

Agencia Española de Protección de Datos

Fine Amount

€50,000

Enforcement Tracker ID

ETid-592

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Equifax Iberica S.L. - Spain (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: