Property Owner Community – €1,200 Fine (Spain, 2022)

€1,200 | Agencia Española de Protección de Datos | 21 January 2022 | Spain
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A property owners' community in Spain was fined EUR 1,200 for sharing too much personal information with a security company. This is important because it shows the need to limit data sharing to only what's necessary.

What happened

The property owners' community shared full meeting minutes, including personal details of residents, with a security company, which was more information than needed.

Who was affected

Residents of the property community whose personal information was unnecessarily shared with the security company.

What the authority found

The Spanish data protection authority found that the community violated GDPR's data minimization principle by sharing excessive personal information.

Why this matters

This case highlights the importance of sharing only necessary personal data with third parties. Organizations should review their data sharing practices to ensure compliance with GDPR's data minimization requirements.

GDPR Articles Cited

Art. 5(1)(c) GDPR

Full Legal Summary
Detailed

The Spanish DPA (AEPD) has fined a property owners' community EUR 1,200. A property manager had sent a copy of the general meeting minutes to the director of the security company 'CMM Seguridad'. The said document contains the names and addresses of residents, a list of defaulters and the accounts with all income and expenses of the community. According to the controller, the purpose of sending the minutes in question to the security company was to inform them about the members of the Board of Directors appointed at the respective ordinary general meeting. Therefore, the controller should have limited itself to providing only this information or to transmitting the minutes document after it had been duly anonymized. For this reason, the DPA notes that the transmission of the full minutes would not have been necessary. As a result, the controller violated the principle of data minimization.

Details

Fine Date

21 January 2022

Authority

Agencia Española de Protección de Datos

Fine Amount

€1,200

Enforcement Tracker ID

ETid-1008

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Property Owner Community - Spain (2022). Retrieved from cookiefines.eu
