AEPD - PS/00112/2020
|AEPD - PS/00112/2020|
|Relevant Law:||Article 13 GDPR|
Article 21(1) of the Spanish Law on Information Society Services (LSSI)
|Parties:||Secreyo Servicios de Telesecretariado, S.L.|
|National Case Number/Name:||PS/00112/2020|
|European Case Law Identifier:||n/a|
|Original Source:||AEPD decision (in ES)|
|Initial Contributor:||Miguel Garrido de Vega|
14 August 2020 - The Spanish Data Protection Agency (AEPD) decided to impose a warning on Secreyo Servicios de Telesecretariado, S.L. (the defendant) for the infringement of its duty of not sending unsolicited commercial communications, as per Article 21(1) of the Spanish Law on Information Society Services (LSSI), as well as for the infringement of Article 13 of the GDPR.
English Summary[edit | edit source]
Facts[edit | edit source]
Dispute[edit | edit source]
The defendant answered to the AEPD investigation requests stating that it did not know the place from which it collected the personal details of the claimant; every year, the defendant carries out new customer acquisition campaigns addressed to contacts provided by satisfied customers as well as to contacts obtained from the public browser at the national and/or local bar association websites. The defendant also sent an apologies email to the claimant. The AEPD started the corresponding sanction procedure.
Holding[edit | edit source]
Thus, the AEPD understood that the defendant has infringed its duties as per Article 21(1) LSSI (according to which, unsolicited commercial communications are expressly forbidden unless there is consent or a previous contract relationship and the services/products are similar to those previously contracted) and Article 13 GDPR (as it was confirmed that the website of the defendant is not compliant with the data protection information requirements). Consequently, after considering some mitigating circumstances [(i) the number of communications sent, and (ii) the lack of damages caused nor advantages obtained], the AEPD decided to impose a formal warning on the defendant. The AEPD also required the defendant to correct the infringement of both legal articles in the period of one (1) month since the holding, and to provide evidences on such compliance.
Comment[edit | edit source]
Although, according to Article 72 of the Spanish Law on Personal Data Protection and Digital Guarantees (LOPDGDD), the infringement of Article 13 GDPR is considered a very serious breach and could be fined with the amounts established in Article 83(5) GDPR, in this case, the AEPD considered that the defendant had already been notified (when the sanctioning procedure started) on the need to comply with the data protection laws, so, considering that the law [Article 58(2) and Whereas 148 GDPR] also makes possible for the supervisory authorities to decide whether to impose an economic fine or a warning, it chose this last option; besides, it also considered that the defendant has also been informed on the possibility of new sanctioning procedures in case it does not comply with the abovementioned correction period of one (1) month.
Further Resources[edit | edit source]
Share blogs or news articles here!
English Machine Translation of the Decision[edit | edit source]
The decision below is a machine translation of the Spanish original. Please refer to the Spanish original for more details.