A, B, C, D, E, F (data subjects) – €1,000 Fine (Greece, 2025)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A natural person shared personal information about six individuals with church authorities without their permission. The Greek data protection authority found this action illegal and imposed a fine. This case serves as a reminder that sharing personal data without consent can lead to serious consequences.
What happened
A person disclosed personal data of six individuals to ecclesiastical authorities without their consent.
Who was affected
The six individuals whose personal data was shared, including three clergymen.
What the authority found
The authority ruled that the individual did not have a valid reason to share the personal data, violating GDPR rules.
Why this matters
This ruling emphasizes the need for individuals and businesses to respect privacy and obtain consent before sharing personal information. It highlights the legal risks of unauthorized data sharing.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
Entities Involved
In 2022 the DPA received six complaints from six (6) different data subjects, regarding the illegal disclosure of their personal data to ecclesiastical authorities by a natural person (controller). Three (3) of the data subjects were clergymen. In the course of a legal dispute between the controller and the six data subjects, the controller sent two complaint letters to several ecclesiastical officials and authorities (inter alia, two Archbishops, one Archimandrite and the General Hierarchical Commissioner of the Holy Metropolis). The conflict related to the controller's purchase of an apartment in a building in which the data subjects reside. Both letters of complaint were accompanied by numerous supporting documents containing a multitude of personal data of the six data subjects (home addresses, contact information, marital status, tax identification number, professional capacity, property details). According to the controller, the purpose of his letters of complaint was to provide the ecclesiastical authorities with full information, in order to discipline the three clergymen/data subjects by any appropriate means at their discretion, so that peace and tranquility may prevail in my home and in my personal life. Regarding the controller's claim that the above letters of complaint sent to the ecclesiastical authorities were part of a household activity, the DPA held that a submission before a body or authority (such as an ecclesiastical authority) entails at least the use and disclosure through transmission of personal data within the scope of Article 4(1) and (2) GDPR. The DPA found, that only two recipients of the complaint letters had any disciplinary authority relating to the controller's complaints over only three of the six data subjects. Thus, the DPA held, that * the transmission of the data of the three clergymen to all recipients and * the transmission of the data of the data subjects who do not have the status of clergy to any recipient was not ne
Related Enforcement Actions (0)
No other enforcement actions found for A, B, C, D, E, F (data subjects) in GR
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
6 February 2025
Authority
Hellenic Data Protection Authority
Fine Amount
€1,000
GDPRhub ID
gdprhub-9088About this data
Cite as: Cookie Fines. A, B, C, D, E, F (data subjects) - Greece (2025). Retrieved from cookiefines.eu
Last updated: