The Spanish Data Protection Authority (AEPD) imposed a fine of 1.200 EUR on a company for calling the data subject, offering them a deal on hotels, while they were included in an advertisement exclusion system. By joining this system, the data subject exercised their right to object to processing for marketing purposes under Article 21 GDPR. However, the company did not comply with its obligation of consulting the advertisement exclusion system before making a telephone call with marketing purposes in order to avoid processing their personal data.
The data subject received a call from the data controller’s number, stating that a friend of them had provided the company with their telephone number so that they offer them a hotel voucher, naming other friends of theirs and declaring that they had joined the promotion.
The AEPD considered that this constitutes a breach of Article 48(1)(b) of the Spanish Law 9/2014 General Telecommunications.
You can read the text of the decision in Spanish here.
For further information, please contact the Spanish DPA: prensa@aepd.es
