GSMA Limited

€600,000

Insufficient legal basis for data processing

Fecha de la decisión

31 de mayo de 2024

Autoridad

Spanish Data Protection Authority (aepd)

ES

Sector

Individuals and Private Associations

País

ES

Ley

GDPR

Estado

FINAL

Descripción

The Spanish DPA has imposed a fine of EUR 600,000 on GSMA Limited. In 2022, GSMA Limited required employees of its suppliers to register on an online platform and upload proof of vaccination against COVID-19. One of the data subjects filed a complaint with the DPA as they considered the data processing to be unlawful. GSMA referred to a legal obligation and public interest, but could not provide a specific legal basis. The DPA found that less invasive safeguards would have been possible and that the affected workers were not sufficiently informed about the data processing.

Citas legales

Art. 6 (1)Art. 9 (2)Art. 14

Problemas e infracciones

Insufficient legal basis for data processing
Ver documento oficial
Volver a la base de datos de multas
Multa anterior
Spanish Data Protection Authority (aepd) - PILLOW ...
Siguiente multa
Data Protection Authority of Hamburg (HmbBfDI) - C...

Manténgase al día sobre la aplicación de las normas de protección de la intimidad

Respetamos su intimidad. Un correo electrónico al mes, sin spam, darse de baja en cualquier momento.