Website operator – €9,000 Fine (Spain, 2021)

€9,000Agencia Española de Protección de Datos13 September 2021Spain
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A Spanish website operator was fined EUR 9,000 for posting a person's name and LinkedIn profile screenshot without permission. The Spanish data protection authority found this violated privacy rules because the person wasn't informed or asked for consent. This case highlights the importance of getting consent before sharing personal information online.

What happened

A website operator published a person's name and LinkedIn profile screenshot without consent.

Who was affected

The person whose name and LinkedIn profile were shared without permission.

What the authority found

The Spanish data protection authority ruled that the website operator violated GDPR by not obtaining consent and failing to inform the person about the data use.

Why this matters

This decision emphasizes the need for website operators to secure consent before using personal data and to provide clear information about data processing activities. It serves as a reminder to review privacy practices to avoid similar fines.

GDPR Articles Cited

Art. 6 GDPR
Art. 13 GDPR
Spain enforcementAgencia Española de Protección de Datos actionsAll Website operator actions
Full Legal Summary
Detailed

The Spanish DPA (AEPD) has imposed a fine of EUR 9,000 on the controller of a website. A person had filed a complaint with the DPA due to the fact that the controller had published his first and last name as well as a screenshot of his Linkedin profile on his website. The controller had neither obtained the data subject's consent for this, nor had he informed him about the processing of his personal data. The DPA considered this to be a violation of Art. 6 GDPR and Art. 13 GDPR.

Related Enforcement Actions (3)

Other enforcement actions involving Website operator in ES

Current
Sept 2021

Fine

€9K

Fine
Jan 2022· Agencia Española de Protección de Datos

The Spanish DPA (AEPD) imposed a fine of EUR 2,000 on a website operator for the lack of a privacy policy on its website, in violation of Art. 13 GDPR...

€2K
Fine
Apr 2023· Agencia Española de Protección de Datos

The Spanish DPA has imposed a fine of EUR 1,000 on a website operator for failing to ensure that the privacy policy on its website complied with the r...

€1K
Fine
Jun 2024· Agencia Española de Protección de Datos

The Spanish DPA has imposed a fine on the operator of a website for storing data of a data subject for an excessively long period of time and contrary...

€180

Details

Fine Date

13 September 2021

Authority

Agencia Española de Protección de Datos

Fine Amount

€9,000

Enforcement Tracker ID

ETid-835

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Website operator - Spain (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: