Details:
| Summary | The Spanish DPA has fined a private individual operating three websites EUR 2,000. During its investigation, the DPA found that all three websites lacked a field for giving consent to the processing of personal data. In addition, the DPA found that the privacy policies on the websites were missing any reference to the identity of the data controller and to the right of data subjects to withdraw their consent to data processing. |
| Link: | link |
| Related articles: | Art. 6 (1) GDPR |
| Type: | Insufficient legal basis for data processing |
| Fine: | EUR 2,000 |
| Sector | Individuals and Private Associations |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/