Vodafone España, S.A.U. – €54,000 Fine (Spain, 2021)

€54,000Agencia Española de Protección de Datos4 January 2021Spain
reduced
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Vodafone España was fined for mixing up a customer's data with someone else's due to a system error. The company failed to correct the mistake promptly, affecting the customer's privacy. This case shows the importance of maintaining accurate data records.

What happened

Vodafone España delivered products under a customer's contract in the name of a third party due to a system error.

Who was affected

The customer whose data was incorrectly recorded and used by Vodafone España.

What the authority found

The Spanish DPA ruled that Vodafone España violated GDPR by not maintaining accurate data and failing to address the customer's correction request.

Why this matters

This case highlights the critical need for companies to ensure data accuracy and respond promptly to correction requests. It serves as a reminder to regularly audit data systems to prevent errors.

GDPR Articles Cited

Art. 5(1)(d) GDPR
Spain enforcementAgencia Española de Protección de Datos actionsAll Vodafone España, S.A.U. actions
Full Legal Summary
Detailed

The data subject had concluded a contract with the controller (Vodafone España, S.A.U.). However, the products provided under this contract were not delivered in the name of the data subject, but in the name of a third party. Subsequently, the data subject contacted the company's data protection officer by e-mail in order to restore the accuracy of his/her data stored at Vodafone. However, no response was received to this request. When the data subject finally contacted the telecommunications company by telephone, he/she was addressed by the name of the third party. His/her inquiry was answered with a response that did not refer to his/her inquiry, but to the inquiry of the third party. According to the telecommunications company, the incident was caused by a defect in their system due to a system migration. The Spanish DPA (AEPD) initially fined Vodafone España, S.A.U. EUR 90,000, but the original fine was reduced to EUR 54,000 due to the timely payment and admission of guilt.

Related Enforcement Actions (20)

Other enforcement actions involving Vodafone España, S.A.U. in ES

Fine
Jan 2019· Agencia Española de Protección de Datos

Vodafone had processed personal data of the claimant (bank details, name, surname and national identification number) years after the contractual rela...

€21K
Fine
Oct 2019· Agencia Española de Protección de Datos

The claimant, whose data had been provided to the company by his daughter, as authorised by him, received a call from the company offering its service...

€36K
Fine
Jan 2020· Agencia Española de Protección de Datos

The company had sent a contract with personal data, including the applicant's name, address and telephone number, to the wrong recipient.

€44K
Fine
Feb 2020· Agencia Española de Protección de Datos

The fine preceded the complaint by the data subject, who argued that Vodafone España had signed a contract for the transfer of a telephone subscriptio...

€75K
Fine
Mar 2020· Agencia Española de Protección de Datos

According to the AEPD, the company sent two SMS to an clients mobile number informing about a rate change in its contract and confirming the purchase ...

€24K
Current
Jan 2021

Fine

€54K

Fine
Feb 2021· Agencia Española de Protección de Datos

The claimant complained to the Spanish DPA (AEPD) that he/she was still receiving invoicing emails from Vodafone España, S.A.U. despite no longer bein...

€120K
Fine
Mar 2021· Agencia Española de Protección de Datos

Since 2018, the Spanish DPA (AEPD) had received a total of 191 complaints against Vodafone España, S.A.U. The data subjects complained about advertisi...

€8.2M
Fine
Mar 2021· Agencia Española de Protección de Datos

The Spanish DPA (AEPD) imposed a fine of EUR 60,000 on Vodafone Spain. The data subject had been a customer of the controller several years ago. After...

€60K
Fine
Apr 2021· Agencia Española de Protección de Datos

The Spanish DPA (AEPD) has imposed a fine of EUR 150,000 on Vodafone España S.A.U.. Three data subjects had filed complaints with the AEPD against the...

€90K
Fine
May 2021· Agencia Española de Protección de Datos

A data subject filed a complaint with the Spanish DPA (AEPD) against Vodafone as they received a phone call with commercial purposes from the company ...

€100K
Fine
May 2021· Agencia Española de Protección de Datos

Failure to provide information to the Spanish DPA (AEPD) within the required timeframe in violation of Art. 58 GDPR. The original fine of EUR 5,000 wa...

€3K
Fine
Aug 2021· Agencia Española de Protección de Datos

The Spanish DPA (AEPD) has imposed a fine on Vodafone España, S.A.U.. A data subject had filed a complaint with the DPA against the controller for fai...

€96K
Fine
Sept 2021· Agencia Española de Protección de Datos

The Spanish DPA (AEPD) imposed a fine on Vodafone España, S.A.U. for insufficient legal basis for data processing. The data subject stated that two te...

€40K
Fine
Oct 2021· Agencia Española de Protección de Datos

The case involved unsolicited promotional emails sent without consent, not related to cookies or consent banners.

€70K
Fine
Oct 2021· Agencia Española de Protección de Datos

The Spanish DPA (AEPD) imposed a fine on Vodafone España, S.A.U. due to insufficient legal basis for data processing. The data subject had filed a com...

€64K
Fine
Feb 2022· Agencia Española de Protección de Datos

The Spanish DPA has fined Vodafone España, S.A.U. EUR 3.94 million. Nine Vodafone customers had filed complaints with the DPA. In the course of its in...

€3.9M
Fine
May 2022· Agencia Española de Protección de Datos

The Spanish DPA (AEPD) has imposed a fine on Vodafone España S.A.U.. A data subjects had filed a complaint with the AEPD against the controller. The d...

€42K
Fine
Mar 2023· Agencia Española de Protección de Datos

The Spanish DPA (AEPD) has imposed a fine on Vodafone España, S.A.U. A data subject had filed a complaint against the data controller as unauthorized ...

€136K
Fine
Apr 2023· Agencia Española de Protección de Datos

The Spanish DPA has imposed a fine on Vodafone España, S.A.U.. A person had filed a complaint with the DPA because the company had given a duplicate o...

€112K
Fine
Sept 2023· Agencia Española de Protección de Datos

The Spanish DPA has imposed a fine on Vodafone España, S.A.U.. A person had filed a complaint with the DPA because the company had given a duplicate o...

€80K

Details

Fine Date

4 January 2021

Authority

Agencia Española de Protección de Datos

Fine Amount

€54,000

Enforcement Tracker ID

ETid-506

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Vodafone España, S.A.U. - Spain (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: