Banco Bilbao Vizcaya Argentaria S.A. – €60,000 Fine (Spain, 2021)

€60,000Agencia Española de Protección de Datos16 December 2021Spain
reduced
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Banco Bilbao Vizcaya Argentaria S.A. was fined EUR 60,000 for sending unwanted SMS messages to a person with no contract with them. The bank admitted the mistake was due to human error. This case shows that companies must ensure accurate data handling to avoid privacy breaches.

What happened

Banco Bilbao Vizcaya Argentaria S.A. sent unsolicited SMS messages to a person who had no contractual relationship with them.

Who was affected

An individual who received unwanted SMS messages about non-payments from the bank despite having no contract with them.

What the authority found

The Spanish DPA found that the bank lacked a valid legal basis for sending the messages, violating GDPR's rules on data processing.

Why this matters

This case emphasizes the importance of accurate data management and the need for companies to verify customer information before sending communications. It serves as a warning to businesses about the risks of human error in data handling.

GDPR Articles Cited

Art. 6 GDPR
Spain enforcementAgencia Española de Protección de Datos actionsAll Banco Bilbao Vizcaya Argentaria S.A. actions
Full Legal Summary
Detailed

The Spanish DPA (AEPD) has imposed a fine on Banco Bilbao Vizcaya Argentaria S.A.. A data subject filed a complaint with the DPA due to the fact that the controller repeatedly sent him SMS messages about non-payments, although he had no contractual relationship with the controller. The controller stated that the unsolicited SMS messages were sent due to human error on part of its employees. The original fine of EUR 100,000 was reduced to EUR 60,000 due to voluntary payment and admission of guilt.

Related Enforcement Actions (0)

No other enforcement actions found for Banco Bilbao Vizcaya Argentaria S.A. in ES

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

16 December 2021

Authority

Agencia Española de Protección de Datos

Fine Amount

€60,000

Enforcement Tracker ID

ETid-968

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Banco Bilbao Vizcaya Argentaria S.A. - Spain (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: