Digi Spain Telecom, S.L.U. – €70,000 Fine (Spain, 2023)

€70,000Agencia Española de Protección de Datos14 June 2023Spain
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Digi Spain Telecom was fined €70,000 for giving a duplicate SIM card to a fraudster without checking their identity. This is important because it shows how companies must verify identities before sharing sensitive information. The failure to do so allowed the fraudster to access a customer's bank account.

What happened

Digi Spain Telecom provided a duplicate SIM card to an unauthorized third party without verifying their identity.

Who was affected

A customer whose SIM card was fraudulently duplicated, leading to unauthorized access to their bank account.

What the authority found

The Spanish DPA ruled that Digi Spain Telecom did not obtain proper consent or verify the identity of the third party before sharing sensitive information.

Why this matters

This ruling highlights the need for companies to have strict identity verification processes in place. It serves as a reminder that failing to protect customer data can result in significant financial penalties.

GDPR Articles Cited

AI-verified

Art. 6(1) GDPR
View original scraped data
Art. 6(1) GDPR

Original data from scraper before AI verification against source document.

Source verified 12 March 2026
national law identified
Spain enforcementAgencia Española de Protección de Datos actionsAll Digi Spain Telecom, S.L.U. actions
Full Legal Summary
Detailed

The Spanish DPA has imposed a fine of EUR 70,000 on Digi Spain Telecom, S.L.U.. A person had filed a complaint with the DPA because the company had given a duplicate of their SIM card to an unauthorized fraudulent third party without their consent. During its investigation, the DPA found that the company failed to verify the identity of the third party or obtain the data subject's consent to share their data. This allowed the fraudsters to gain access to the data subject's bank account and make unauthorized transactions.

Related Enforcement Actions (2)

Other enforcement actions involving Digi Spain Telecom, S.L.U. in ES

Fine
May 2023· Agencia Española de Protección de Datos

The Spanish DPA has imposed a fine of EUR 70,000 on Digi Spain Telecom, S.L.U.. A person had filed a complaint with the DPA because the company had gi...

€70K
Fine
Jun 2023· Agencia Española de Protección de Datos

The Spanish DPA has imposed a fine of EUR 70,000 on Digi Spain Telecom, S.L.U.. A person had filed a complaint with the DPA because the company had gi...

€70K
Current
Jun 2023

Fine

€70K

Details

Fine Date

14 June 2023

Authority

Agencia Española de Protección de Datos

Fine Amount

€70,000

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Digi Spain Telecom, S.L.U. - Spain (2023). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: