Spanish DPA AEPD issues several fines for GDPR violations during June and July 2022.
AEPD found that the video surveillance constituted a violation of the data minimisation principle according to Article 5(1)(c) of the GDPR.
The video surveillance system was oriented toward public roads and private areas without any justified cause, harming all affected parties.
Cameras must be oriented towards the particular space, avoiding intimidating adjoining neighbours with this type of device, as well as surveilling transit areas without just cause.
16 June 2022, AEPD imposed a fine of €80,000 on Banco Bilbao Vizcaya Argentaria, S.A. ('BBVA') for a violation of GDPR following a complaint submitted by an individual.
The AEPD stated that the complainant's data stored in BBVA's database had been disclosed to a third party when it should have been deleted or anonymised.
The data controller BBVA had failed to take adequate technical and organisational measures to prevent the disclosure of personal data to unauthorised third parties.
AEPD imposed a fine of €100,000 on Comercializadora Regulada Gas & Power, S.A. for a violation of GDPR following a complaint on 8 July 2022.
Comercializadora Regulada Gas & Power had sent the complainant's electricity supply contract containing the complainant's personal data to the complainant's old address, but a person had been living at the complainant's old address gained access to the complainant's new address.
AEPD imposed a fine of €220,000 on DKV Seguros y Reaseguros, Sociedad Anónima Española for violations of GDPR following a complaint submitted by an individual on 13 July 2022.
The complainant had received 51 emails with medical clearances of unknown individuals from the health insurance company DKV Seguros y Reaseguros, including the individuals' personal data such as names, surnames, and test data, from 16 April 2020 to 9 March 2021 although the complainant had repeatedly brought the situation to the attention of DKV Seguros y Reaseguros.
DKV Seguros y Reaseguros' technical and organisational security measures were not adequate, taking into consideration that the data in question was sensitive.
UniConsent is a part of Transfon User Experience Platform that serve tens of millions of users per day to provide a seamless experience for both users and publishers in the age of post-GDPR. Contact us to know more: email@example.com
EU Privacy Campaign Group filed a batch of warnings to websites with non-compliant cookie banners
Spain: Spanish DPA AEPD issues several fines for GDPR violations during June and July 2022
Czech Republic: the half year cookie compliance monitoring report from Czech DPA
TikTok: EU DPAs warn TikTok following announcement on the legal basis for targeted advertising
UK GDPR: UK may remove the need for cookie banner pop-ups for low risk activities
IAB Tech Lab released Global Privacy Platform (GPP) specifications