Unknown – €600 Fine (Spain, 2025)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Spanish data authority fined an unknown company for keeping full copies of personal IDs when it wasn't necessary. This matters because it shows the importance of only collecting the data you really need. Businesses should be careful to follow data minimization rules to avoid penalties.
What happened
An unknown company stored unnecessary full copies of personal IDs for verification.
Who was affected
Individuals whose personal IDs were stored by the unknown company.
What the authority found
The authority found that the company violated the principle of data minimization under GDPR.
Why this matters
This case highlights the need for businesses to limit data collection to what is essential. Companies should review their data handling practices to ensure compliance with data protection rules.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The Spanish DPA imposed a fine on an unknown data controller. The controller stored full copies of personal IDs for verification purposes. In this case, storing all the information found on an ID was unnecessary and infringed upon the principle of data minimization. The original fine of EUR 1,000 was reduced to EUR 600 due to immediate payment and admission of responsibility by the controller.
Related Enforcement Actions (11)
Other enforcement actions involving Unknown in ES
Fine
€600
Details
Fine Date
15 April 2025
Authority
Agencia Española de Protección de Datos
Fine Amount
€600
Enforcement Tracker ID
ETid-2623
About this data
Cite as: Cookie Fines. Unknown - Spain (2025). Retrieved from cookiefines.eu
Last updated: