AEPD (Spain) - PS/00406/2019: Difference between revisions
(→Facts) |
No edit summary |
||
Line 82: | Line 82: | ||
|Party_Name_5= | |Party_Name_5= | ||
|Party_Link_5= | |Party_Link_5= | ||
}} | |||
The APED fined 2.500 € a data controller for sending advertisement email without blind carbon copy (Bcc) the email recipients. By disclosing the email addresses of the recipient, the company violated the principle of integrity and confidentiality – Article 5(1)(f) GDPR-. | The APED fined 2.500 € a data controller for sending advertisement email without blind carbon copy (Bcc) the email recipients. By disclosing the email addresses of the recipient, the company violated the principle of integrity and confidentiality – Article 5(1)(f) GDPR-. |
Revision as of 12:05, 9 May 2022
AEPD - PS/00406/2019 | |
---|---|
Authority: | AEPD (Spain) |
Jurisdiction: | Spain |
Relevant Law: | Article 5(1)(f) GDPR Article 83(5)(a) GDPR |
Type: | Complaint |
Outcome: | Upheld |
Started: | |
Decided: | n/a |
Published: | 21. 2.2020 |
Fine: | 2.500 € |
Parties: | Anoymous Vs. Electric Renting Groups, S.L |
National Case Number/Name: | PS/00406/2019 |
European Case Law Identifier: | n/a |
Appeal: | n/a |
Original Language(s): | Spanish |
Original Source: | AEPD (in es) |
Initial Contributor: | n/a |
The APED fined 2.500 € a data controller for sending advertisement email without blind carbon copy (Bcc) the email recipients. By disclosing the email addresses of the recipient, the company violated the principle of integrity and confidentiality – Article 5(1)(f) GDPR-.
English Summary
Facts
A citizen filed a complaint with the AEPD against Electric Renting Groups, S.L for sending an advertisement email and disclosing the recipients of this email. Indeed, the company, which acted as a data controller, sent the email without confining the dozens of email recipients in blind carbon copy (Bcc:).
The AEPD informed the controller about the complaint and give them 1 month to reply.
After not obtaining any reply from the controller, the AEPD agreed to initiate investigations against the data controller for the alleged infringement of Article 5(1)(f) GDPR, the principle of integrity and confidentiality. The AEPD gave the controller another 10 days to reply to the allegations.
The controller failed to reply to the AEPD.
Dispute
Does the disclosure of dozens email addresses constitute a GDPR violation?
Holding
The AEPD ruled that the sending of email without Bcc: the email recipients constituted a violation of the principle of integrity and confidentiality (Article 5(1)(f) GDPR), as well as the principle of proactive responsibility of the data controller.
Consequently, the APED decided to issue a fine of 2.500 € for the violation of the principle of integrity and confidentiality, pursuant to Article 83(5)(a) GDPR.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the **Spanish** original. Please refer to the **Spanish** original for more details.
to be completed