El León Espanol – €10,000 Fine (Spain, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
El León Espanol was fined €10,000 for sharing a video of a person without properly protecting their identity. The Spanish data authority found that the company did not follow rules to minimize personal data use. This case highlights the importance of anonymizing content to protect individuals' privacy.
What happened
El León Espanol published a video of a person without using proper anonymization techniques.
Who was affected
The person featured in the video, who was identifiable and had not given consent for their image to be shared.
What the authority found
The Spanish data authority ruled that El León Espanol violated the data minimization principle by not adequately protecting the individual's identity.
Why this matters
This ruling emphasizes that companies must take steps to anonymize personal data, even when reporting on public interest stories. It serves as a reminder for media outlets to carefully consider privacy implications.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
A data subject filed several complaints with the Spanish DPA (Agencia – AEPD) against specific users of Twitter as well as a newspaper, the controller. The Twitter users had posted a video in which the data subject is clearly recognisable. After its publication on Twitter, the video went viral. The controller had published the video as part of an article on its website. The data subject stated that the video had been created for work purposes for the launch of a social media challenge. On the 9 September 2022, the AEPD started preliminary proceedings against the controller. In response, the controller submitted a statement showing that it had deleted the video from its website. The controller argued that the focus of the article was to analyse the popularity and implications of the trend rather than assessing the data subject’s personal or private life. It further argued that in its role as a media provider it was required to inform on current relevant events. It also highlighted that other media outlets had also shared the video. In addition, the controller brought forward that it had merely included a nickname of the data subject in the article, which had been manifestly made public through the trend. On the 15 April 2024, the AEPD in its preliminary findings found that the controller had breached the data minimisation principle under Article 5(1)(c) GDPR and for this issued a fine of €10,000. The AEPD stated that anonymization techniques should have been implemented which would have blurred the image or distorted the voice of the data subject. In response to this, the controller again submitted that GDPR protections cannot reasonably be applied in this case due to press freedom. As the video of the data subject had gone viral before the controller published their article, the data subject was already a person in the public interest. The controller further submitted that the article could not be understood without showing the content of the video including the
Related Enforcement Actions (0)
No other enforcement actions found for El León Espanol in ES
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
13 December 2024
Authority
Agencia Española de Protección de Datos
Fine Amount
€10,000
GDPRhub ID
gdprhub-8686About this data
Cite as: Cookie Fines. El León Espanol - Spain (2024). Retrieved from cookiefines.eu
Last updated: