AEPD (Spain) - PS/00292/2019: Difference between revisions

From GDPRhub
No edit summary
 

Latest revision as of 14:26, 13 December 2023

AEPD - PS/00292/2019
LogoES.jpg
Authority: AEPD (Spain)
Jurisdiction: Spain
Relevant Law: Article 5(1)(a) GDPR
Article 6(1)(b) GDPR
Article 83(2)(b) GDPR
Article 83(2)(g) GDPR
Article 83(5)(a) GDPR
Type: Complaint
Outcome: Upheld
Started:
Decided: n/a
Published: 10. 2.2020
Fine: 1.000 €
Parties: Anoymous Vs. Anonymous
National Case Number/Name: PS/00292/2019
European Case Law Identifier: n/a
Appeal: n/a
Original Language(s): Spanish
Original Source: AEPD (in es)
Initial Contributor: n/a

The AEPD imposed a 1.000 € fine for a false advertisement containing personal data in a website aimed at offering services for adults, without the consent of the data subject.

English Summary

Facts

A website aimed at offering services for adults published the picture, name, telephone number and a sexual related description of a citizen – the complainant - as a contact person for the performance of these services without her consent. Following the publication of her personal data on the website, the complainant received unsolicited phone calls from people who wished to have sex with her. The complainant pointed out that the pictures published had been obtained from her work intranet with an external IP address. Thus, she filed a complaint with the AEPD against the IP address' owner which added her personal data to the website. Therefore, she complained that the advertiser who created the false ad unlawfully processed her personal data and did not sue the service provider which removed the publication immediately.

Dispute

The AEPD had to pronounce itself on the legal basis of the processing of personal data – the consent or the performance of a contract – and had to decide which circumstances should be taken into account for the administrative fine.

Holding

The AEPD stated that it was clear from the procedure that the advertiser added a false ad on the web portal, containing the personal data of the complainant without her consent. Thus, the AEPD ruled that the personal data published on the website were not necessary for the performance of the contract between the advertiser and the website. Therefore, it has been concluded that the advertiser violated Articles 5(1)(a) and 6(1)(b) GDPR.

In addition, the AEPD decided to impose a fine of 1.000 € in accordance with Article 83(5)(a) GDPR by taking into consideration that the action was intentional (Article 83(2)(b) GDPR), and that the personal data are sensitive (Article 83(2)(g) GDPR).

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the **Spanish** original. Please refer to the **Spanish** original for more details.

to be completed