Spain
Homeowners Association
GDPR enforcement action by Spanish Data Protection Authority (aepd) on 2021-03-09.
Case details
- Authority
- Spanish Data Protection Authority (aepd)
- Date
- 2021-03-09
- Controller / Processor
- Homeowners Association
- Sector
- Real Estate
- Quoted Articles
- Art. 5 (1) f) GDPR
- Type of violation
- Non-compliance with general data processing principles
Summary
The Spanish DPA (AEPD) imposed a fine of EUR 15,000 on a homeowners' association. The controller had publicly displayed the record of a homeowners' meeting in the elevator of the building where the participants lived. From the records, the names, floors and apartment numbers of the meeting participants could be obtained, as well as the floors and apartment numbers of neighbors about whom the participants had complained during the meeting. The controller had justified the public notice with the fact that the results of this meeting concerned planned legal actions against some of the residential parties. They were to be informed about this so that they would not be able to claim later that they had not received the relevant notifications. The DPA considers this to be a violation of Art. 5 (1) f) GDPR, which refers to the principles of integrity and confidentiality of personal data.
Related fines