Show all guides
Europe
GDPR

Spain fines Yoti €950,000 over biometric data violations

Last update:
Mar 11, 2026

Spain’s data protection authority (AEPD) fined digital identity company Yoti €950,000 for unlawful processing of biometric data. The regulator found that the company failed to establish a valid legal basis under GDPR for processing facial recognition data used in its age verification services.

Authorities also criticized Yoti’s use of pre-ticked consent boxes for research purposes, stating that such practices do not meet GDPR requirements for freely given consent. The decision highlights growing scrutiny around biometric technologies and their classification as sensitive personal data.

The full guidelines can be found
here

Related Guides

Irish DPC Fines Meta 390M Euros over Legal Basis for Personalized Ads

January 5, 2023

After lengthy review, the Irish DPC issued a massive fine to Meta over its failure to give opt-in for personalized ads.
Europe
GDPR

Dutch DPA warns companies over dark patterns in consent banners

December 18, 2025

The Dutch data protection authority warned companies that deceptive cookie banners and dark patterns undermine valid GDPR consent. The regulator signaled future enforcement if practices that nudge users toward “accept all” are not corrected.
Europe
GDPR
The information provided on this website does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this site are for general informational purposes only