Vodafone España, S.A.U. – €60,000 Fine (Spain, 2019)

Disclosure of customer personal data (i.a. purchase history) via an SMS to another customer. The initial fine of EUR 50.000 was reduced to EUR 30.000.

Vodafone had processed personal data of the claimant (bank details, name, surname and national identification number) years after the contractual rela...

The company had charged a Netflix service that had not been solicited by the claimant. The claimant could prove that the service had been used by anot...

Vodafone sent an invoice history to the subscriber as part of the invoice complaint by the subscriber. The history also contained invoice data of an u...

The claimant, whose data had been provided to the company by his daughter, as authorised by him, received a call from the company offering its service...

The company had sent a contract with personal data, including the applicant's name, address and telephone number, to the wrong recipient.

Failure to provide information to the AEPD within the required timeframe in violation of Article 58

The data subject, a former customer of the company, continued to receive invoice notifications, although at that time there was neither a contractual ...

The fine was preceded by a complaint from a data subject who argued that Vodafone España had sent invoices containing his personal data, such as name,...

The fine was preceded by a complaint from the data subject, who argued that he had received an e-mail from Vodafone España, which contained the billin...

The complainant had access to third party data in his personal Vodafone profile.

Vodafone España was unable to prove to the data protection authority that the data subject had given his consent to the processing of his personal dat...

According to the AEPD, the company sent two SMS to an clients mobile number informing about a rate change in its contract and confirming the purchase ...

According to the AEPD, the company had not been able to demonstrate adequate measures to ensure information security, leading to unauthorized access t...

According to the AEPD, the company sent an SMS to an clients mobile number confirming that a telephone contract with that number had been signed even ...

According to the AEPD, the data subject has received several SMS from a separate operator indicating the activation of a new contract. The reason for ...

Processing of personal data of a data subject without sufficient legal basis due to errors in the correct assignment of customer contracts.

Processing of personal data of a data subject without sufficient legal basis due to errors in the correct assignment of customer contracts. In this ca...

The company ported a telephone number of the data subject without their consent (missing signature on the porting contract).

In 2019, after an arbitration procedure, the company agreed to the early termination of a contract with the data subject and to the deletion of the pe...