THE Spanish Agency for Data Protection (AEPD) has handed out a penalty of €10,000 for sharing intimate photos and screenshots of a woman’s conversations in WhatsApp without her consent.
The fine is the first of its kind in Spain and somewhat of a controversial decision as has made an example of the man’s behaviour, which although was illicit, is perceived by a proportion of the population as innocent.
The Agency’s decision now opens the doors to apply the European Data Protection Regulation (GDPR) directly on citizens, which according to privacy experts, is usually intended to be applied to companies and one which provides a stark warning to others.
The victim had reported to the AEPD in July 2019 that her privacy had been breached after several people told her that they had seen intimate photographs and screenshots of conversations on WhatsApp between herself and a co-worker. The images were also accompanied by hurtful and vexatious comments.
A fine was issued as according to the AEPD, sharing personal data from third parties without their consent constitutes a “very serious infraction.”. Detailing the penalty, the Agency indicated that although there is no record that the sanctioned man expressly wanted to violate the right to data protection of the victim, the comments attached to the photographs show a “serious negligence.” They had also lowered the penalty as the sharing of the content was one of a “purely local” scope and that only one person was affected.
Their decision has however caused concern in the field of privacy where experts have subsequently questioned whether the AEPD has the power to directly sanction citizens for behaviours such as the one detailed in this case. Borja Adsuara, a renowned Lawyer in the digital sector said: “The European Regulation is not intended to apply to individuals. European regulations were designed to protect the data of citizens against companies and large corporations such as Google or Facebook that make intensive use of consumer information.”