Article summary
MLex has reported that an unnamed data controller has paid a fine of €300 imposed by the Spanish Data Protection Authority (DPA) for violating the EU’s General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR). The controller, who organised summer courses for children, did not give parents or legal guardians any option but to agree in a contract signed prior to the course that the controller could take photos and videos of the children for further advertising purposes, the DPA said. The DPA said this was not valid consent, and that the controller had failed to meet the legal requirements. The initial fine amounted to €500, but it was reduced when the controller agreed to make a voluntary payment.
To continue reading this news article, as well as thousands of others like it, sign in with LexisNexis or register for a free trial
Access this content for free with a 7 day trial of LexisNexis and benefit from:
- Instant clarification on points of law
- Smart search
- Workflow tools
- 42 practice areas
Get your quote today and take step closer to being able to benefit from:
- Instant clarification on points of law
- Smart search
- Workflow tools
- 36 practice areas
Get a quote for Lexis+
* denotes a required field
CONTACT US
