Spain
Website operator
9,000 €
GDPR enforcement action by Spanish Data Protection Authority (aepd) on 2021-09-13.
Rank · Sector
#69
of 218 in Not assigned
Rank · Spain
#428
of 1,075
Rank · All fines
#1,473
of 3,050
Case details
- Authority
- Spanish Data Protection Authority (aepd)
- Date
- 2021-09-13
- Controller / Processor
- Website operator
- Sector
- Not assigned
- Quoted Articles
- Art. 6 GDPR, Art. 13 GDPR
- Type of violation
- Insufficient legal basis for data processing
Summary
The Spanish DPA (AEPD) has imposed a fine of EUR 9,000 on the controller of a website. A person had filed a complaint with the DPA due to the fact that the controller had published his first and last name as well as a screenshot of his Linkedin profile on his website. The controller had neither obtained the data subject's consent for this, nor had he informed him about the processing of his personal data. The DPA considered this to be a violation of Art. 6 GDPR and Art. 13 GDPR.
Open original source
Links to the regulator's original publication or another source.
Related fines
Spain
2025-04-07
14,400,000 €
ETid-3192
AMADEUS IT GROUP, S.A.
Transportation and Energy
Spain
2025-11-06
10,043,002 €
ETid-2962
Aena, S.M.E., S.A.
Transportation and Energy
Spain
2022-05-18
10,000,000 €
ETid-1176
Google LLC
Media, Telecoms and Broadcasting
Spain
2021-03-11
8,150,000 €
ETid-594
Vodafone España, S.A.U.
Media, Telecoms and Broadcasting
Spain
2023-12-27
6,500,000 €
ETid-2532
THE PHONE HOUSE SPAIN, S.L.
Media, Telecoms and Broadcasting
Spain
2023-10-25
6,100,000 €
ETid-2220
ENDESA ENERGÍA, S.A.U.
Transportation and Energy