AUDAX RENOVABLES, S.A. – €12,000 Fine (Spain, 2021)

A data subject lodged a complaint with the Spanish DPA (AEPD) against an energy company. The company had called them for commercial reasons, despite the data subject having signed up for the Robinson List a few months before. A Robinson List is an opt-out list for people who do not wish to receive marketing communications. The AEPD remarked that the [https://www.boe.es/buscar/act.php?id=BOE-A-2014-4950 Spanish Telecommunications Act] (LGT) forbids, in its Article 48(1)(b), commercial communications when the subject has opposed to them. The DPA also related this prohibition to Article 21 GDPR, which gives the data subject the right to oppose to the processing of their personal data. The controller alleged that the LGT was not applicable to the case, since the main activity of the energy company is not related to telecommunications. However, the DPA argued that Article 48(1)(b) GDPR is applicable to commercial communications, regardless of the main activity of the company that carries out such communications. Therefore, the AEPD concluded that the controller had ignored the right to oppose to the processing of the data subject, exercised via the inclusion in the Robinson List, and therefore violated Article 48(1)(b) GDPR. The DPA fined the controller €12,000.