Vodafone España, SAU – €30,000 Fine (Spain, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Spain fined Vodafone EUR 30,000 after fraudsters used a person's data to create a fake contract, leading to wrongful billing. This case matters because it shows companies must verify contracts and billing to protect customers. Businesses should ensure their systems can detect and correct errors quickly.
What happened
Vodafone España SAU unlawfully transmitted a customer's data to a collection agency due to a fraudulent contract and system error.
Who was affected
A Vodafone customer who was wrongly billed and pursued by a debt collection agency due to a fraudulent contract.
What the authority found
The Spanish authority determined Vodafone unlawfully shared personal data with a collection agency because there was no valid contract, violating GDPR.
Why this matters
This case highlights the importance of verifying customer contracts and billing processes to prevent fraud and errors. It underscores the need for businesses to have robust systems in place to detect and rectify such issues promptly.
GDPR Articles Cited
The Spanish DPA (AEPD) has imposed a fine on Vodafone España SAU. A data subject had filed a complaint with the AEPD against the data controller. The data subject states that he had received invoices and debits on his bank account for the payment of Vodafone services that he had not booked himself. The data subject also stated that he had been asked to pay for these services by the debt collection company I.S.G.F. Informes Comerciales, S.L.. As it turned out, fraudsters had used the data subject's personal data to conclude a service contract. Vodafone had subsequently canceled the contract for the booked services. Due to a system error, however, the outstanding invoices had not been canceled, which is why they had been forwarded to the collection agency. The AEPD determined that this transmission was unlawful due to the non-existence of a valid contract. The original fine of EUR 50,000 was reduced to EUR 30,000 due to voluntary payment and admission of guilt.
Related Enforcement Actions (7)
Other enforcement actions involving Vodafone España, SAU in ES
Fine
€30K
Details
Fine Date
15 November 2021
Authority
Agencia Española de Protección de Datos
Fine Amount
€30,000
Enforcement Tracker ID
ETid-905
About this data
Cite as: Cookie Fines. Vodafone España, SAU - Spain (2021). Retrieved from cookiefines.eu
Last updated: