Comercio Online Levante, S.L. – €3,000 Fine (Spain, 2020)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Comercio Online Levante, S.L. was fined after a technical error allowed one customer to access another's account. This breach of confidentiality is a serious issue as it exposes personal data without consent. It serves as a reminder for online businesses to strengthen their security measures.
What happened
Comercio Online Levante, S.L. allowed a customer to access another customer's account, exposing personal data.
Who was affected
Customers of Comercio Online Levante, S.L. whose account information was improperly accessed.
What the authority found
The Spanish data protection authority found that Comercio Online Levante, S.L. violated confidentiality rules and lacked adequate security measures.
Why this matters
This ruling highlights the necessity for online businesses to implement strong security protocols to protect customer data. Companies should regularly assess their systems to prevent similar breaches.
GDPR Articles Cited
When a client tried to access their user account on the website of Comercio Online Levante, S.L., they were directed to the account if another client, therefore having access to the data of such client. The claimant sent an email sent to the online shop informing of the incident but received no answer, so they filed a complaint with the AEPD describing the incident. Did Comercio Online Levante, S.L. infringe the principle of confidentiality established by Article 5(1)(f) GDPR? Was there a personal data breach? The AEPD considered that there was an infringement of Article 5(1)(f), as there was a leak of personal data without the consent of the data subject. Additionally, they considered that there was an infringement of Article 32(1), as they concluded that the online shop did not have the appropriate technical and organisational measures in place to ensure an adequate level of protection. For this, the AEPD fined Comercio Online Levante, S.L.: * for the infringement of Article 5(1)(f), €2,000. * for the infringement of Article 32(1), €1,000.
Related Enforcement Actions (0)
No other enforcement actions found for Comercio Online Levante, S.L. in ES
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
2 December 2020
Authority
Agencia Española de Protección de Datos
Fine Amount
€3,000
Enforcement Tracker ID
ETid-464
GDPRhub ID
gdprhub-3243About this data
Cite as: Cookie Fines. Comercio Online Levante, S.L. - Spain (2020). Retrieved from cookiefines.eu
Last updated: