Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Spain: AEPD fines BBVA €5M for GDPR information and consent failures
The Spanish data protection authority ('AEPD') issued, on 11 December 2020, a resolution in proceedings PS/00070/2019, fining Banco Bilbao Vizcaya Argentaria, SA ('BBVA') €2 million for a violation of Article 13 of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') and €3 million for a violation of Article 6 of the GDPR. In particular, the resolution highlights that, in relation to the first infraction, BBVA used imprecise terminology to define the privacy policy, and provided insufficient information about the category of personal data processed, especially in relation to customer data obtained through products, services, and channels, among others. In addition, the resolution provides that, in relation to the second infraction, BBVA failed to obtain consent before the sending of promotional SMS messages to a customer and did not have in place a specific mechanism for consent to be obtained by customers and account managers.
You can read the resolution, only available in Spanish, here.