Chamber of Commerce, Industry, Services and Navigation of Spain – €500,000 Fine (Spain, 2025)

€500,000Agencia Española de Protección de Datos15 April 2025Spain
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Spanish DPA has imposed a fine of EUR 500,000 on the Chamber of Commerce, Industry, Services and Navigation of Spain. Due to its function within the Spanish Executive, the controller has access to the basic data of all Spanish companies, including information regarding solvency, contact details, tax numbers and more. Self-employed persons are also included. The controller has decided to make this information available to the public. For this purpose, the controller created the legal entity CAMERDATA S.A. (ETid: 2838), which acts as a data processor. The controller transferred the aforementioned data to the processor so that it could be distributed. However, the transfer was not based on a valid legal basis. The amount and kind of data transferred infringed the principles of data minimisation and confidentiality. Furthermore, the manner in which the data was transferred infringed the principle of fairness, and the controller failed to inform the data subjects regarding the data processing.

GDPR Articles Cited

AI-verified

Art. 14(GDPR)
Art. 5(1)(a) GDPR
Art. 6(1) GDPR
View original scraped data
Art. 5(1)(a) GDPR
b)
f) GDPR
Art. 6(1) GDPR
Art. 14 GDPR

Original data from scraper before AI verification against source document.

Source verified 6 March 2026
national law identified
Spain enforcementAgencia Española de Protección de Datos actionsAll Chamber of Commerce, Industry, Services and Navigation of Spain actions
Full Legal Summary

The Spanish DPA has imposed a fine of EUR 500,000 on the Chamber of Commerce, Industry, Services and Navigation of Spain. Due to its function within the Spanish Executive, the controller has access to the basic data of all Spanish companies, including information regarding solvency, contact details, tax numbers and more. Self-employed persons are also included. The controller has decided to make this information available to the public. For this purpose, the controller created the legal entity CAMERDATA S.A. (ETid: 2838), which acts as a data processor. The controller transferred the aforementioned data to the processor so that it could be distributed. However, the transfer was not based on a valid legal basis. The amount and kind of data transferred infringed the principles of data minimisation and confidentiality. Furthermore, the manner in which the data was transferred infringed the principle of fairness, and the controller failed to inform the data subjects regarding the data processing.

Related Enforcement Actions (0)

No other enforcement actions found for Chamber of Commerce, Industry, Services and Navigation of Spain in ES

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

15 April 2025

Authority

Agencia Española de Protección de Datos

Fine Amount

€500,000

Enforcement Tracker ID

ETid-2874

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Chamber of Commerce, Industry, Services and Navigation of Spain - Spain (2025). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: