20 AÑOS DE MÚSICA A.I.E. – €3,000 Fine (Spain, 2024)

€3,000Agencia Española de Protección de Datos17 June 2024Spain
reduced
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Spanish data protection authority fined 20 AÑOS DE MÚSICA A.I.E. for collecting too much personal information from minors' guardians for concert attendance. They required unnecessary documents, which violated data protection rules. This case highlights the importance of only collecting data that is truly needed.

What happened

20 AÑOS DE MÚSICA A.I.E. was fined for requiring excessive personal information from guardians of minors attending concerts.

Who was affected

Minors and their legal guardians who were asked to provide unnecessary personal documents for concert attendance.

What the authority found

The authority found that the company violated the principle of data minimization by collecting more information than necessary.

Why this matters

This ruling emphasizes that companies must limit data collection to what is necessary. It serves as a reminder for businesses to review their data practices to avoid similar issues.

GDPR Articles Cited

AI-verified

Art. 13(GDPR)
Art. 5(1)(c) GDPR
View original scraped data
Art. 5(1) c) GDPR
Art. 13(GDPR)

Original data from scraper before AI verification against source document.

Source verified 15 March 2026
articles corrected
national law identified
Spain enforcementAgencia Española de Protección de Datos actionsAll 20 AÑOS DE MÚSICA A.I.E. actions
Full Legal Summary
Detailed

The Spanish DPA has imposed a fine on 20 AÑOS DE MÚSICA A.I.E.. A person had filed a complaint with the DPA due to the fact that in order for minors to attend concerts organized by the controller, powers of attorney from their legal guardians as well as copies of the identity documents of both the legal guardians and the minors were required. During its investigation, the DPA found that such extensive data collection would not have been necessary and violated the principle of data minimization. The DPA also found that the controller had not sufficiently informed the data subjects about the data processing. For example, the controller failed to provide precise information on the exercise of data subjects' rights. The original fine of EUR 5,000 was reduced to EUR 3,000 due to voluntary payment and admission of responsibility.

Related Enforcement Actions (0)

No other enforcement actions found for 20 AÑOS DE MÚSICA A.I.E. in ES

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

17 June 2024

Authority

Agencia Española de Protección de Datos

Fine Amount

€3,000

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. 20 AÑOS DE MÚSICA A.I.E. - Spain (2024). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: