Details:

Summary The Spanish DPA has fined Techpump Solutions S.L. EUR 525,000. Techpump operates several websites with adult content. The DPA found several violations of data protection law during its investigation. Firstly, the DPA found that, contrary to the specified information in the privacy policy, Techpump shared users’ personal data with companies belonging to the same group. In addition, the DPA found that Techpump had not specified a retention period for users’ personal data and kept it indefinitely until users requested to withdraw their consent. Techpump also processed users’ personal data without first obtaining their consent. Further, the DPA found that Techpump did not have sufficient parental controls to prevent minors under the age of 14 from accessing its content. In addition, Techpump’s privacy policy was only available in English, rather than Spanish, and the information was not clearly understandable. Techpump also required that individuals who wished to exercise their data subject rights submit their ID card information in order to verify their identity. The DPA considered this to be an unacceptable impediment to the exercise of data subject rights. Finally, Techpump also collected various data such as IP addresses and WIFI data without having defined a processing purpose for it.
Link: link
Related articles:  Art. 5 (1) a), b), e) GDPR, Art. 6 (1) GDPR, Art. 8 GDPR, Art. 12 (1), (2) GDPR, Art. 13 GDPR, Art. 25 GDPR, Art. 30 (1) GDPR, Art. 22 (2) LSSI
Type: Non-compliance with general data processing principles
Fine: EUR 525,000
Sector Media, Telecoms and Broadcasting

 

All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/

Tags: case law