In a nutshell
Agencia Espanola Proteccion Datos (AEPD), the Spanish Agency for Data Protection agreed to initiate sanction against Eurobox S.A. after user was required to provide personal information documentation in order to unblock their online account. Fines were issued as a result.
The background
Eurobox S.A is a gambling website which was established in 1981 and with a volume of business of 557 369 EURO in 2021. A complaint was filed when a website user after having their account with Eurobox blocked, twere requested to provide documentation to prove their identity, domicile and employment and financial situation. The person responded to all questions and provided all documentations, despite being in doubt of the legality, but did still not get their account reactivated
AEPD found in their investigation that the processing of personal data was too broad and not considered necessary and therefore Eurobox acted in violation of GDPR Art 5.1 c) resulting in a fine of 8,000 Euros.
Additionally, AEPD found that Eurobox could not provide any evidence that the complainant had not been told the purpose of the processing for which the personal data was intended as well as the legal basis for the processing at the time where the personal data wascollected from the data subject. This is a violation of Art 13 and was resulting in an administrative fine of 2 000 Euro.
The total amount of 10 000 Euros was reduced to a total of 6 000 Euros due to immediate payment and admission of liability.
The takeaways
Read more: ps-00109-2024.pdf (aepd.es)
Questions?
For any questions about this case or data protection queries generally, please contact My Mattson or Frida Holmer.
