Equifax Iberica S.L. – €1,000,000 Fine (Spain, 2021)

€1,000,000Agencia Española de Protección de Datos23 April 2021Spain
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Spain fined Equifax Iberica EUR 1,000,000 for adding people's personal data to a debt file without their consent. Some of the data was incorrect, and Equifax failed to inform people properly about this data use. This case highlights the importance of transparency and accuracy in handling personal data.

What happened

Equifax Iberica included personal data in a debt file without consent and failed to inform individuals properly.

Who was affected

Individuals whose personal data was added to the Judicial Claims and Public Entities File without their consent.

What the authority found

The Spanish DPA found that Equifax violated data protection principles by processing personal data unlawfully and failing to inform people properly.

Why this matters

This case underscores the need for companies to ensure transparency and accuracy when processing personal data, emphasizing the importance of obtaining consent and informing individuals about data use.

GDPR Articles Cited

AI-verified

Art. 14(GDPR)
Art. 5(1)(a) GDPR
Art. 6(1) GDPR
View original scraped data
Art. 5(1)(a) GDPR
b)
c)
d) GDPR
Art. 6(1) GDPR
Art. 14 GDPR

Original data from scraper before AI verification against source document.

Source verified 5 March 2026
verified correct
Spain enforcementAgencia Española de Protección de Datos actionsAll Equifax Iberica S.L. actions
Full Legal Summary
Detailed

The Spanish DPA (AEPD) has imposed a fine of EUR 1,000,000 on Equifax Ibérica, SL. A total of 96 complaints were filed with the DPA against the controller because it had included personal data of individuals associated with alleged debts in the Judicial Claims and Public Entities File ('FIJ') without their consent. In some cases, these data were not even correct. According to the DPA, the processing of the data subjects' personal data involving the FIJ file had been unlawful and violated several data protection principles of data processing (lawfulness and transparency, purpose limitation, data minimization, and accuracy). In addition, the controller had not properly informed the data subjects about the processing of their data, thus violating its duty to inform them.

Related Enforcement Actions (1)

Other enforcement actions involving Equifax Iberica S.L. in ES

Fine
Mar 2021· Agencia Española de Protección de Datos

The Spanish DPA (AEPD) fined Equifax Iberica S.L. EUR 50,000 for a violation of Art. 6 (1) f) GDPR. The controller had added the data subject to a deb...

€50K
Current
Apr 2021

Fine

€1.0M

Details

Fine Date

23 April 2021

Authority

Agencia Española de Protección de Datos

Fine Amount

€1,000,000

Enforcement Tracker ID

ETid-656

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Equifax Iberica S.L. - Spain (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: