Xfera Moviles S.A. – €60,000 Fine (Spain, 2020)

€60,000Agencia Española de Protección de Datos3 February 2020Spain
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Xfera Moviles was fined for unlawfully processing personal data, including sensitive bank details. This is significant because it reminds companies to handle customer information responsibly and legally.

What happened

Xfera Moviles unlawfully processed personal data such as bank details and customer addresses.

Who was affected

Customers whose personal data was processed without proper legal grounds were affected.

What the authority found

The authority found that Xfera Moviles violated Articles 5 and 6 of GDPR by processing personal data without a valid legal basis.

Why this matters

This case serves as a warning to companies about the importance of having a legal basis for processing personal data. Businesses should ensure they understand and comply with data protection rules.

GDPR Articles Cited

AI-verified

Art. 5(GDPR)
Art. 6(GDPR)
View original scraped data
Art. 5(GDPR)
Art. 6(GDPR)

Original data from scraper before AI verification against source document.

Source verified 12 March 2026
articles corrected
national law identified
Spain enforcementAgencia Española de Protección de Datos actionsAll Xfera Moviles S.A. actions
Full Legal Summary
Detailed

According to the data protection authority, XFERA MOVILES has violated Article 6(1) of the GDPR, as the company has unlawfully processed data, including bank details, customer address and name of the data subjects.

Related Enforcement Actions (15)

Other enforcement actions involving Xfera Moviles S.A. in ES

Fine
Oct 2019· Agencia Española de Protección de Datos

Xfera Movile has used personal data without a legal basis for the conclusion of a telephone contract and has continued to process personal data even w...

€60K
Fine
Nov 2019· Agencia Española de Protección de Datos

An individual complainant had received an SMS from Xfera Móviles which was to be addressed to a third party and which allowed him to access the accoun...

€60K
Current
Feb 2020

Fine

€60K

Fine
Feb 2020· Agencia Española de Protección de Datos

The AEPD found that a third party had access to the name, telephone number and address of another customer.

€30K
Fine
Mar 2020· Agencia Española de Protección de Datos

The company did not provide the data protection authority with the requested information in a timely manner. The AEPD's request was preceded by a requ...

€5K
Fine
Jun 2020· Agencia Española de Protección de Datos

A customer claimed to have received an SMS from Xfera Móviles informing about the non-payment and the resulting suspension of the service in relation ...

€39K
Fine
Jun 2020· Agencia Española de Protección de Datos

The data subject received a notice from a debt collection company demanding payments in connection with Xfera Móviles' services, even though the claim...

€75K
Fine
Jul 2020· Agencia Española de Protección de Datos

The company had not cooperated sufficiently with the data protection authority.

€5K
Fine
Jul 2020· Agencia Española de Protección de Datos

The company had changed a contract for a mobile phone connection to a new owner, whereby the personal data of a data subject such as his address and t...

€55K
Fine
Jul 2020· Agencia Española de Protección de Datos

A data subject had received a call from another Xfera Móviles customer who stated that the company had charged his bank account with an invoice, discl...

€70K
Fine
Jul 2020· Agencia Española de Protección de Datos

Following a complaint, Xfera Móviles was requested by the AEPD to submit certain information and documents, but did not do so within the provided time...

€5K
Fine
Sept 2020· Agencia Española de Protección de Datos

Failure to remove the data subject's personal data at the time of cancellation of his/her telephone services contract and sending a warning to the dat...

€60K
Fine
Nov 2020· Agencia Española de Protección de Datos

Xfera Móviles had failed to cooperate with the AEPD in the investigation of privacy violations. Xfera Móviles had neither responded to the request for...

€20K
Fine
Dec 2020· Agencia Española de Protección de Datos

The Spanish DPA (AEPD) imposed a fine on Xfera Móviles, S.A. due to insufficient legal basis for data processing. The data subject states that two tel...

€40K
Fine
Feb 2021· Agencia Española de Protección de Datos

The Spanish DPA (AEPD) imposed a fine of EUR 40,000 on Xfera Móviles S.A.. The data subject claimed a violation of its right to information to the AEP...

€24K
Fine
Mar 2021· Agencia Española de Protección de Datos

The Spanish DPA (AEPD) imposed a fine of EUR 150,000 on Xfera Móviles S.A.. The DPA had received two complaints from a data subject. The first complai...

€90K

Details

Fine Date

3 February 2020

Authority

Agencia Española de Protección de Datos

Fine Amount

€60,000

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Xfera Moviles S.A. - Spain (2020). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: