UniConsent
On 13 January 2021, the Spanish data protection authority issued the largest penalty under the GDPR because valid consent is not obtained before processing personal data.
GDPR: CaixaBank in Spain is fined €6M for consent failure - UniConsent
The Spanish data protection authority ('AEPD') fines CaixaBank S.A. €6 million for violating Articles 6, 13, and 14 of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') on 13 January 2021.
The resolution highlights that CaixaBank did not provide sufficient justification for the legal basis for the processing of personal data, especially in relation to the data processed on the basis of legitimate interest.
CaixaBank did not comply with the requirements for obtaining valid consent, namely, to be specific, unequivocal, and informed.
The resolution further outlines that deficiencies were identified in the processes to obtain the consent of the clients for the processing of their personal data.
The resolution rules the transfer of personal data to companies within the CaixaBank Group was unlawful.
The fine is the largest financial penalty issued under the GDPR by the AEPD to date.
Reference (Spanish): https://www.aepd.es/es/documento/ps-00477-2019.pdf
Get started to make your website and application compliant for EU GDPR, US CPRA, CA PIPEDA etc
Sign upCanada: Insights from Canada's Privacy Commissioner on Deceptive Design Patterns
Noyb Guidelines on Cookie Banner Dark Pattern 2024
Google Data Privacy Changes: Key Updates in July 2024
2024 US Data Privacy Laws: Key Updates and Changes
Google Data Privacy Updates for US 2024: What You Need to Know
CMP requirements in Switzerland: Impact on Swiss Publishers and UniConsent CMP for Switzerland
Get started to make your website and application compliant for EU GDPR, US CPRA, CA PIPEDA etc
Sign up