AEPD (Spain) - PS/00406/2019

From GDPRhub
Revision as of 11:16, 25 February 2020 by Juliette Leportois (talk | contribs) (Created page with "{{DPAdecisionBOX <!--Information about the DPA--> |Jurisdiction=Spain |DPA-BG-Color=#ffffff; |DPAlogo=logoES.jpg |DPA_Abbrevation=AEPD |DPA_With_Country=AEPD (Spain) <!--Inf...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
AEPD - PS/00406/2019
LogoES.jpg
Authority: AEPD (Spain)
Jurisdiction: Spain
Relevant Law: Article 5(1)(f) GDPR
Article 83(5)(a) GDPR
Type: Complaint
Outcome: Upheld
Started:
Decided: n/a
Published: 21. 2.2020
Fine: 1.500 €
Parties: Anoymous Vs. Electric Renting Groups, S.L
National Case Number/Name: PS/00406/2019
European Case Law Identifier: n/a
Appeal: n/a
Original Language(s): Spanish
Original Source: AEPD (in es)
Initial Contributor: n/a

The APED fined 2.500 € a data controller fro sending an advertisement email without blind carbon copy (Bcc) the email recipients. By disclosing the email addresses, the company violated the principle of integrity and confidentiality – Article 5(1)(f) GDPR-.

English Summary

Facts

A citizen filed a complaint with the AEPD against Electric Renting Groups, S.L for sending an advertisement email and disclosing the recipients of this email. Indeed, the company, which acted as a data controller, sent the emails without confining the dozens of email recipients in blind carbon copy (Bcc:.

Following the complaint, the AEPD agreed to initiate investigations against the data controller for the alleged infringement of Article 5(1)(f) GDPR, the principle of integrity and confidentiality.

Dispute

Does the disclosure of dozens email addresses constitute a GDPR violation?

Holding

The AEPD ruled that the sending of email without Bcc: the email recipients constituted a violation of the principle of integrity and confidentiality, under Article 5(1)(f) GDPR, as well as the principle of proactive responsibility of the data controller.

Consequently, the APED decided to issue a fine of 2.500 € for the violation of the principle of integrity and condidentily, pursuant to Article 83(5)(a) GDPR.

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the **Spanish** original. Please refer to the **Spanish** original for more details.

to be completed