AEPD (Spain) - PS/00292/2019
| AEPD - PS/00292/2019 | |
|---|---|
 | |
| Authority: | AEPD (Spain) |
| Jurisdiction: | Spain |
| Relevant Law: | Article 5(1)(a) GDPR Article 6(1)(b) GDPR Article 83(2)(b) GDPR Article 83(2)(g) GDPR Article 83(5)(a) GDPR |
| Type: | Complaint |
| Outcome: | Upheld |
| Started: | |
| Decided: | n/a |
| Published: | 10. 2.2020 |
| Fine: | 1.000 € |
| Parties: | Anoymous Vs. Anonymous |
| National Case Number/Name: | PS/00292/2019 |
| European Case Law Identifier: | n/a |
| Appeal: | n/a |
| Original Language(s): | Spanish |
| Original Source: | AEPD (in es) |
| Initial Contributor: | n/a |
The AEPD imposed a 1.000 € fine for a false advertisement containing personal data in a website aimed at offering services for adults, without the consent of the data subject.
English Summary
Facts
A website aimed at offering services for adults published the picture, name, telephone number and a sexual related description of a citizen – the complainant - as a contact person for the performance of these services without her consent. Following the publication of her personal data on the website, the complainant received unsolicited phone calls from people who wished to have sex with her. The complainant pointed out that the pictures published had been obtained from her work intranet with an external IP address. Thus, she filed a complaint with the AEPD against the IP address' owner which added her personal data to the website. Therefore, she complained that the advertiser who created the false ad unlawfully processed her personal data and did not sue the service provider which removed the publication immediately.
Dispute
The AEPD had to pronounce itself on the legal basis of the processing of personal data – the consent or the performance of a contract – and had to decide which circumstances should be takne into account for the administrative fine.
Holding
The AEPD stated that it was clear from the procedure that the advertiser added a false ad on the web portal, containing the personal data of the complainant without her consent. Thus, the AEPD ruled that the personal data published on the website were not necessary for the performance of the contract between the advertiser and the website. Therefore, it has been concluded that the advertiser violated Articles 5(1)(a) and 6(1)(b) GDPR.
In addition, the AEPD decided to impose a fine of 1.000 € in accordance with Article 83(5)(a) GDPR by taking into consideration that the action was intentional (Article 83(2)(b) GDPR), and that the personal data are sensitive (Article 83(2)(g) GDPR).
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the **Spanish** original. Please refer to the **Spanish** original for more details.
to be completed
