The AEPD fined CaixaBank €6 million for processing the biometric data of employees using a fingerprint access control system without adequate legal basis. The fine was later reduced to €3 million following voluntary payment and acknowledgement of responsibility.

€6M

Xfera Móviles S.A. (Yoigo)

technology

AEPD2022

The AEPD fined Yoigo/Xfera Móviles €900,000 for making unsolicited commercial communications to customers who had not given consent, violating LOPDGDD provisions on the use of contact data for direct marketing purposes.

€900,000.0

Endesa Energía S.A.U.

technology

AEPD2021

The AEPD fined Endesa €3 million for processing customers' personal data without a valid legal basis for direct marketing, and for failing to adequately handle data subjects' objections to marketing communications.

€3M

BBVA (Banco Bilbao Vizcaya Argentaria)

technology

AEPD2021

The AEPD fined BBVA €5 million for tracking customers' location data and processing personal data for profiling purposes without adequate transparency and without providing clear consent mechanisms in the BBVA mobile banking application.

€5M

Vodafone España S.A.U.

technology

AEPD2021

The AEPD fined Vodafone España €8.15 million for multiple GDPR violations including unlawful processing of personal data for commercial communications without consent, obstructing customer requests to exercise data protection rights, and inadequate data security measures.

€8.2M

Legal Framework

Regulations by Domain

Marketplace

Spain

Authorities

Landmark Cases

Regulations by Domain

Regulatory Experts