IBERDROLA CLIENTES, S.A.U – €200,000 Fine (Spain, 2025)

€200,000 | Agencia Española de Protección de Datos | 8 April 2025 | Spain
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A data subject entered into a contract with IBERDROLA CLIENTES, S.A.U (a utilities company, the controller) in October 2022. The data subject decided to terminate the contract early in December 2022. This came with a penalty of 114 euros in total, of which the controller informed the data subject by mail. The payment request was issued on 1 March 2023; however, it was not sent by the post service until 14 March 2023. The controller requested ASNEF (a credit information agency) to include the information on the data subject’s debt on 27 March 2023. This was done despite the fact that the data subject had not received the payment request. The data was included in ASNEF’s delinquency file on 28 March.

The data subject presented a complaint to the DPA on 26 August 2023. According to the data subject, the controller transferred data related to an outstanding debt to ASNEF without their knowledge. This was because the data subject was unaware of the debt and of the fact that their data would be included in a credit information agency system. The controller argued that the data subject was sufficiently informed, since the contract stated the possibility of transferring data to a credit information agency in cases of nonpayment. The request for payment also stated this possibility.

The DPA imposed a €200,000 fine on the controller on 8 April 2025, and the controller filed an internal appeal on 20 May 2025. The DPA dismissed the internal appeal on the basis that the deadline to file the appeal had already passed. In its initial decision, the DPA stated that the data transfer to the credit reference agency was unlawful under Article 6(1) GDPR. National law (Article 20 of the Spanish Data Protection Act, https://www.boe.es/buscar/act.php?id=BOE-A-2018-16673#a2-2) allows data processing by credit information agencies related to unfulfilled financial obligations. This processing, however, must meet specific conditions, and the data must be processed in line with the GDPR. While the payment reques

GDPR Articles Cited

AI-verified

Art. 6(1) GDPR

National Law Articles

AI-identified

Art. 20(1)(c) of the Spanish Data Protection Act
Source verified 6 March 2026
national law identified

Related Enforcement Actions (0)

No other enforcement actions found for IBERDROLA CLIENTES, S.A.U in ES

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

8 April 2025

Authority

Agencia Española de Protección de Datos

Fine Amount

€200,000

GDPRhub ID

gdprhub-9336

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. IBERDROLA CLIENTES, S.A.U - Spain (2025). Retrieved from cookiefines.eu
