Xfera Moviles S.A. – €60,000 Fine (Spain, 2020)

€60,000Agencia Española de Protección de Datos25 September 2020Spain
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A Spanish telecom company was fined for not deleting a customer's personal data after they canceled their service. They continued to process the customer's data without a valid reason. This ruling stresses that companies must delete personal data when it is no longer needed.

What happened

The company failed to remove a customer's personal data after the cancellation of their telephone services contract.

Who was affected

The customer whose personal data was not deleted after canceling their service.

What the authority found

The authority found that the company processed personal data without a sufficient legal basis after the service was canceled.

Why this matters

This ruling serves as a reminder that businesses must promptly delete personal data when it is no longer necessary. Companies should have clear policies for data retention and deletion.

GDPR Articles Cited

AI-verified

Art. 5(GDPR)
Art. 6(GDPR)
View original scraped data
Art. 5(GDPR)
Art. 6(GDPR)

Original data from scraper before AI verification against source document.

Source verified 12 March 2026
articles corrected
Spain enforcementAgencia Española de Protección de Datos actionsAll Xfera Moviles S.A. actions
Full Legal Summary
Detailed

Failure to remove the data subject's personal data at the time of cancellation of his/her telephone services contract and sending a warning to the data subject after cancellation resulting in the processing of his/her personal data without sufficient legal basis.

Related Enforcement Actions (15)

Other enforcement actions involving Xfera Moviles S.A. in ES

Fine
Oct 2019· Agencia Española de Protección de Datos

Xfera Movile has used personal data without a legal basis for the conclusion of a telephone contract and has continued to process personal data even w...

€60K
Fine
Nov 2019· Agencia Española de Protección de Datos

An individual complainant had received an SMS from Xfera Móviles which was to be addressed to a third party and which allowed him to access the accoun...

€60K
Fine
Feb 2020· Agencia Española de Protección de Datos

According to the data protection authority, XFERA MOVILES has violated Article 6(1) of the GDPR, as the company has unlawfully processed data, includi...

€60K
Fine
Feb 2020· Agencia Española de Protección de Datos

The AEPD found that a third party had access to the name, telephone number and address of another customer.

€30K
Fine
Mar 2020· Agencia Española de Protección de Datos

The company did not provide the data protection authority with the requested information in a timely manner. The AEPD's request was preceded by a requ...

€5K
Fine
Jun 2020· Agencia Española de Protección de Datos

A customer claimed to have received an SMS from Xfera Móviles informing about the non-payment and the resulting suspension of the service in relation ...

€39K
Fine
Jun 2020· Agencia Española de Protección de Datos

The data subject received a notice from a debt collection company demanding payments in connection with Xfera Móviles' services, even though the claim...

€75K
Fine
Jul 2020· Agencia Española de Protección de Datos

The company had not cooperated sufficiently with the data protection authority.

€5K
Fine
Jul 2020· Agencia Española de Protección de Datos

The company had changed a contract for a mobile phone connection to a new owner, whereby the personal data of a data subject such as his address and t...

€55K
Fine
Jul 2020· Agencia Española de Protección de Datos

A data subject had received a call from another Xfera Móviles customer who stated that the company had charged his bank account with an invoice, discl...

€70K
Fine
Jul 2020· Agencia Española de Protección de Datos

Following a complaint, Xfera Móviles was requested by the AEPD to submit certain information and documents, but did not do so within the provided time...

€5K
Current
Sept 2020

Fine

€60K

Fine
Nov 2020· Agencia Española de Protección de Datos

Xfera Móviles had failed to cooperate with the AEPD in the investigation of privacy violations. Xfera Móviles had neither responded to the request for...

€20K
Fine
Dec 2020· Agencia Española de Protección de Datos

The Spanish DPA (AEPD) imposed a fine on Xfera Móviles, S.A. due to insufficient legal basis for data processing. The data subject states that two tel...

€40K
Fine
Feb 2021· Agencia Española de Protección de Datos

The Spanish DPA (AEPD) imposed a fine of EUR 40,000 on Xfera Móviles S.A.. The data subject claimed a violation of its right to information to the AEP...

€24K
Fine
Mar 2021· Agencia Española de Protección de Datos

The Spanish DPA (AEPD) imposed a fine of EUR 150,000 on Xfera Móviles S.A.. The DPA had received two complaints from a data subject. The first complai...

€90K

Details

Fine Date

25 September 2020

Authority

Agencia Española de Protección de Datos

Fine Amount

€60,000

Enforcement Tracker ID

ETid-408

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Xfera Moviles S.A. - Spain (2020). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: