Website operator – €180 Fine (Spain, 2024)

€180Agencia Española de Protección de Datos5 June 2024Spain
reduced
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A website operator in Spain was fined for keeping user data longer than allowed. This matters because it shows the importance of deleting data when it's no longer needed, which protects users' privacy.

What happened

The Spanish DPA fined the website operator for storing user data for too long.

Who was affected

Website visitors whose data was kept longer than necessary were affected.

What the authority found

The authority found that the operator violated the storage limitation principle under GDPR.

Why this matters

This case highlights the need for businesses to regularly review their data retention policies. Companies should ensure they delete user data when it's no longer required.

GDPR Articles Cited

AI-verified

Art. 5(1)(e) GDPR
View original scraped data
Art. 5(1) e) GDPR

Original data from scraper before AI verification against source document.

Source verified 17 March 2026
national law identified
Spain enforcementAgencia Española de Protección de Datos actionsAll Website operator actions
Full Legal Summary
Detailed

The Spanish DPA has imposed a fine on the operator of a website for storing data of a data subject for an excessively long period of time and contrary to the principle of storage limitation under Art. 5 (1) e) GDPR. The original fine of EUR 300 was reduced to EUR 180 due to the voluntary payment and the acknowledgement of responsibility.

Related Enforcement Actions (7)

Other enforcement actions involving Website operator in ES

Fine
Jul 2021· Agencia Española de Protección de Datos

The Spanish DPA (AEPD) fined a website operator EUR 500 due to the fact that its privacy policy did not comply with the requirements of Art. 13 GDPR.

€500
Fine
Sept 2021· Agencia Española de Protección de Datos

The Spanish DPA (AEPD) has imposed a fine of EUR 9,000 on the controller of a website. A person had filed a complaint with the DPA due to the fact tha...

€9K
Fine
Jan 2022· Agencia Española de Protección de Datos

The Spanish DPA (AEPD) imposed a fine of EUR 2,000 on a website operator for the lack of a privacy policy on its website, in violation of Art. 13 GDPR...

€2K
Fine
Apr 2022· Agencia Española de Protección de Datos

The Spanish DPA (AEPD) has imposed a fine on the operator of the website link During its investigation, the DPA found numerous deficiencies on a websi...

€2K
Fine
Apr 2023· Agencia Española de Protección de Datos

The Spanish DPA has imposed a fine of EUR 1,000 on a website operator for failing to ensure that the privacy policy on its website complied with the r...

€1K
Fine
May 2023· Agencia Española de Protección de Datos

The Spanish DPA has imposed a fine of EUR 5,000 on a website operator for failing to ensure that the privacy policy on its website complied with the r...

€500
Fine
Apr 2024· Agencia Española de Protección de Datos

The Spanish DPA has imposed a fine of EUR 600 on a website operator for failing to ensure that the privacy policy on a website complied with the requi...

€600
Current
Jun 2024

Fine

€180

Details

Fine Date

5 June 2024

Authority

Agencia Española de Protección de Datos

Fine Amount

€180

Enforcement Tracker ID

ETid-2386

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Website operator - Spain (2024). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: