AEPD (Spain) - PS/00603/2021
|AEPD (Spain) - PS/00603/2021
|Article 6(1) GDPR
Article 13 GDPR
Article 22.2 Spanish Law of Information Society Services (LSSI)
|National Case Number/Name:
|European Case Law Identifier:
|AEPD (in ES)
English Summary[edit | edit source]
Facts[edit | edit source]
The AEPD also verified that when entering the website, non-essential cookies such as Google Analytics are used, without an adequate banner informing data subjects about their use, the possibility to reject them, or consent to them in a differentiated granular manner.
Holding[edit | edit source]
The AEPD held that by processing personal data without the data subject’s clear, affirmative, informed and free consent, or any other valid legal basis, the online store had violated Article 6(1) GDPR.
Taking into account that the online store was owned by a private individual, the AEPD issued a fine of €1000 for the each of the three aforementioned violations, for a total fine of €3000. Due to the fact that the individual voluntarily paid the fine and expressly accepted their responsibility, the fine was reduced to €1800.
Comment[edit | edit source]
Share your comments here!
Further Resources[edit | edit source]
Share blogs or news articles here!
English Machine Translation of the Decision[edit | edit source]
The decision below is a machine translation of the Spanish original. Please refer to the Spanish original for more details.