BANCO BILBAO VIZCAYA ARGENTARIA, S.A. – €84,000 Fine (Spain, 2023)

€84,000Agencia Española de Protección de Datos4 April 2023Spain
reduced
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Spain fined Banco Bilbao Vizcaya Argentaria EUR 84,000 for listing a former client's alleged debts without a valid reason and not properly handling their data access request. This matters because it shows companies must have a clear legal basis for processing personal data and must respect individuals' rights to access their information.

What happened

Banco Bilbao Vizcaya Argentaria registered a former client's alleged debts with the Spanish Central Bank without a valid legal basis and failed to adequately handle their data access request.

Who was affected

Former clients of Banco Bilbao Vizcaya Argentaria whose alleged debts were reported without proper legal grounds.

What the authority found

The Spanish DPA found that the bank lacked a valid legal basis for processing personal data and did not comply with the individual's request to access their data.

Why this matters

This case highlights the importance for companies to ensure they have a valid reason for processing personal data and to respect individuals' rights to access their information. It serves as a reminder that financial institutions must be careful with how they handle customer data.

GDPR Articles Cited

Art. 15 GDPR
Art. 6(1) GDPR
Spain enforcementAgencia Española de Protección de Datos actionsAll BANCO BILBAO VIZCAYA ARGENTARIA, S.A. actions
Full Legal Summary
Detailed

The Spanish DPA has imposed a fine on BANCO BILBAO VIZCAYA ARGENTARIA, S.A.. During its investigation, the DPA found that the controller had registered alleged debts of a former client to the risk information center of the Spanish Central Bank without a valid legal basis. The DPA also found that the controller had not adequately complied with the former customer's request for access to their personal data. The original fine of EUR 140,000 was reduced to EUR 84,000 due to voluntary payment and admission of responsibility.

Related Enforcement Actions (2)

Other enforcement actions involving BANCO BILBAO VIZCAYA ARGENTARIA, S.A. in ES

Fine
Jul 2021· Agencia Española de Protección de Datos

On 13 November 2022, a data subject filed a complaint with the Spanish DPA (AEPD) against Banco Bilbao Vizcaya Argentaria, S.A. (the controller). The ...

€120K
Current
Apr 2023

Fine

€84K

Fine
Oct 2023· Agencia Española de Protección de Datos

The Spanish DPA has fined BANCO BILBAO VIZCAYA ARGENTARIA, S.A. EUR 800,000. A customer had lost her handbag, which also contained her bank card. The ...

€800K

Details

Fine Date

4 April 2023

Authority

Agencia Española de Protección de Datos

Fine Amount

€84,000

Enforcement Tracker ID

ETid-1751

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. BANCO BILBAO VIZCAYA ARGENTARIA, S.A. - Spain (2023). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: