Unknown – €1,000 Fine (Spain, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A company in Spain was fined €1,000 for using someone else's personal data to apply for a microcredit without permission. This case is important because it shows the need for businesses to have a legal basis before using personal data.
What happened
A company used a third party's personal data to obtain a microcredit without a legal basis.
Who was affected
The third party whose personal data was used without consent for a microcredit application.
What the authority found
The Spanish data protection authority found the company violated GDPR by lacking a legal basis for processing the personal data.
Why this matters
This case serves as a warning to businesses about the importance of obtaining proper consent or legal justification before processing personal data. It reinforces the principle that unauthorized use of personal data can lead to penalties.
GDPR Articles Cited
The Spanish DPA (AEPD) has imposed a fine of EUR 1,000 on a company. The controller had used the personal data of a third party in order to obtain a microcredit. The DPA states that the controller lacked a legal basis for the processing and thus violated Art. 6 (1) GDPR.
Related Enforcement Actions (5)
Other enforcement actions involving Unknown in ES
Fine
€1K
Details
Fine Date
1 July 2021
Authority
Agencia Española de Protección de Datos
Fine Amount
€1,000
Enforcement Tracker ID
ETid-765
About this data
Cite as: Cookie Fines. Unknown - Spain (2021). Retrieved from cookiefines.eu
Last updated: