VODAFONE SERVICIOS, S.L.U. – €40,000 Fine (Spain, 2021)

€40,000Agencia Española de Protección de Datos26 October 2021Spain
reduced
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Vodafone was fined €40,000 by the Spanish data protection authority for not verifying a customer's identity before setting up a mobile contract. This led to fraudsters using the customer's personal data to create a fake account. The case highlights the importance of verifying customer information to prevent identity theft.

What happened

Vodafone allowed fraudsters to set up a mobile phone contract using a customer's personal data without verifying the identity.

Who was affected

A Vodafone customer whose personal data was used by fraudsters to create a fake mobile contract.

What the authority found

The Spanish authority fined Vodafone for not having a valid legal basis for processing personal data, as they failed to verify the customer's identity.

Why this matters

This case underscores the need for companies to implement strong identity verification processes to protect customers from fraud. It serves as a warning to businesses about the risks of inadequate data handling practices.

GDPR Articles Cited

Art. 6(1) GDPR
Spain enforcementAgencia Española de Protección de Datos actionsAll VODAFONE SERVICIOS, S.L.U. actions
Full Legal Summary
Detailed

The Spanish DPA (AEPD) has imposed a fine on VODAFONE SERVICIOS, S.L.U.. A data subject filed a complaint with the DPA against the controller. The data subject is a client of the controller. When he checked his bills on the official website 'MY VODAFONE' last December, he found that he had four outstanding bills, but he could not access them. He had also received a number of requests to pay them. He was informed that there was a parallel account at Vodafone with details that partly corresponded to those of him. As it turned out, fraudsters had concluded a mobile phone contract using the personal data of the data subject. However, the personal data had been entered into the company's information systems without any verification that the contract was lawful and had actually been concluded by the data subject. The original fine of EUR 50,000 was reduced to EUR 40,000 due to voluntary payment.

Related Enforcement Actions (1)

Other enforcement actions involving VODAFONE SERVICIOS, S.L.U. in ES

Fine
Oct 2021· Agencia Española de Protección de Datos

The Spanish DPA (AEPD) has imposed a fine on VODAFONE SERVICIOS, S.L.U.. A data subject has filed a complaint with the AEPD against the data controlle...

€40K
Current
Oct 2021

Fine

€40K

Details

Fine Date

26 October 2021

Authority

Agencia Española de Protección de Datos

Fine Amount

€40,000

Enforcement Tracker ID

ETid-888

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. VODAFONE SERVICIOS, S.L.U. - Spain (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: