Online retailer – €2,000 Fine (Spain, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Spanish online retailer was fined EUR 2,000 for sending a customer's order through Amazon without their consent. This matters because it highlights the importance of getting permission before sharing personal data with third parties. Businesses need to ensure they have a valid reason to share customer information.
What happened
The retailer sent a customer's order through Amazon without the customer's consent.
Who was affected
The affected person was a customer who bought a product through the retailer's online store via eBay.
What the authority found
The Spanish DPA found that the retailer unlawfully shared personal data without a valid legal basis, violating GDPR Article 6.
Why this matters
This case emphasizes the need for businesses to obtain clear consent before sharing customer data with third parties. It serves as a reminder to review data-sharing practices to avoid similar penalties.
GDPR Articles Cited
The Spanish DPA has imposed a fine of EUR 2,000 on an online retailer. The data subject bought a product from the controller's online store via eBay and paid with Paypal. However, he received the order via Amazon. Since the data subject had not consented to the transfer of his data to Amazon, the DPA concluded that the controller had processed the data unlawfully.
Related Enforcement Actions (0)
No other enforcement actions found for Online retailer in ES
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
17 December 2021
Authority
Agencia Española de Protección de Datos
Fine Amount
€2,000
Enforcement Tracker ID
ETid-959
About this data
Cite as: Cookie Fines. Online retailer - Spain (2021). Retrieved from cookiefines.eu
Last updated: