Comercio Online Levante, S.L. – €3,000 Fine (Spain, 2020)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
When a client tried to access their user account on the website of Comercio Online Levante, S.L., they were directed to the account if another client, therefore having access to the data of such client. The claimant sent an email sent to the online shop informing of the incident but received no answer, so they filed a complaint with the AEPD describing the incident. Did Comercio Online Levante, S.L. infringe the principle of confidentiality established by Article 5(1)(f) GDPR? Was there a personal data breach? The AEPD considered that there was an infringement of Article 5(1)(f), as there was a leak of personal data without the consent of the data subject. Additionally, they considered that there was an infringement of Article 32(1), as they concluded that the online shop did not have the appropriate technical and organisational measures in place to ensure an adequate level of protection. For this, the AEPD fined Comercio Online Levante, S.L.: * for the infringement of Article 5(1)(f), €2,000. * for the infringement of Article 32(1), €1,000.
GDPR Articles Cited
When a client tried to access their user account on the website of Comercio Online Levante, S.L., they were directed to the account if another client, therefore having access to the data of such client. The claimant sent an email sent to the online shop informing of the incident but received no answer, so they filed a complaint with the AEPD describing the incident. Did Comercio Online Levante, S.L. infringe the principle of confidentiality established by Article 5(1)(f) GDPR? Was there a personal data breach? The AEPD considered that there was an infringement of Article 5(1)(f), as there was a leak of personal data without the consent of the data subject. Additionally, they considered that there was an infringement of Article 32(1), as they concluded that the online shop did not have the appropriate technical and organisational measures in place to ensure an adequate level of protection. For this, the AEPD fined Comercio Online Levante, S.L.: * for the infringement of Article 5(1)(f), €2,000. * for the infringement of Article 32(1), €1,000.
Related Enforcement Actions (0)
No other enforcement actions found for Comercio Online Levante, S.L. in ES
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
2 December 2020
Authority
Agencia Española de Protección de Datos
Fine Amount
€3,000
Enforcement Tracker ID
ETid-464
GDPRhub ID
gdprhub-3243About this data
Cite as: Cookie Fines. Comercio Online Levante, S.L. - Spain (2020). Retrieved from cookiefines.eu
Last updated: