Vodafone – ΠΑΝΑΦΟΝ Ανώνυμη Ελληνική Εταιρεία Τηλεπικοινωνιών – €30,000 Fine (Greece, 2026)
Vodafone – ΠΑΝΑΦΟΝ Ανώνυμη Ελληνική Εταιρεία Τηλεπικοινωνιών was fined €30,000 for not providing complete access to a customer's recorded phone calls. This is important because it emphasizes that companies must give clear and accurate information about how users can access their data. Misleading customers can lead to serious consequences.
What happened
Vodafone did not fully comply with a customer's requests for access to recorded phone calls.
Who was affected
The customer who made the access requests was affected by Vodafone's incomplete responses.
What the authority found
The Greek Data Protection Authority ruled that Vodafone obstructed the customer's right to access their data and provided misleading information.
Why this matters
This ruling serves as a reminder for companies to be transparent and accurate in their communication with customers. Proper training and clear procedures are essential to avoid similar issues.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
A data subject filed a complaint against Vodafone – Panafon S.A., a telecommunications provider (the controller), with the Greek Data Protection Authority (HDPA). She had submitted three access requests seeking all recorded phone calls concerning a technical fault she had reported. The first two requests were rejected by the controller as vague, and the third request was only partially satisfied; some recordings were provided, but not all requested calls, and the controller did not inform her within one month about deficiencies in her request or the reasons for not fully complying. The data subject also alleged that the controller obstructed the exercise of the right of access to the recorded conversations in question, resulting in some of them being deleted because the prescribed retention period had expired, a risk which, as alleged, had been pointed out to the controller. In particular, she requested restriction of processing to prevent deletion of recordings after the one-year retention period, but the controller did not properly address this request. Furthermore, the controller provided misleading information through a representative regarding the manner of exercising or satisfying customers' right of access to recorded conversations concerning them. The HPDA upheld the complaint and imposed an administrative fine of €30,000. It also ordered the controller to adopt appropriate technical and organizational measures and improve staff training, with proof of compliance within six months. Specifically, it held that the controller violated Article 12(1), (2), (3), and (4) GDPR, because it failed to inform the data subject within one month of the deficiencies in the application, effectively prevented the exercise of the right and provided contradictory information, amounts to lack of transparency. Moreover, it argued that the controller breached Article 15 GDPR by failing to provide full access to all requested recorded conversations and Article 18 GDPR by not
Violations (2)
The cookie banner or cookie policy provides vague, incomplete, or unclear information about what cookies are used and why.
Art. 12, 13 GDPR
The cookie banner uses misleading language to trick or pressure users into accepting cookies (dark patterns).
Art. 7 GDPR
Related Enforcement Actions (0)
No other enforcement actions found for Vodafone – ΠΑΝΑΦΟΝ Ανώνυμη Ελληνική Εταιρεία Τηλεπικοινωνιών in GR
This is the only recorded action for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
Fine Date
11 February 2026
Authority
Hellenic Data Protection Authority
Fine Amount
€30,000
GDPRhub ID
gdprhub-9831About this data
Cite as: Cookie Fines. Vodafone – ΠΑΝΑΦΟΝ Ανώνυμη Ελληνική Εταιρεία Τηλεπικοινωνιών - Greece (2026). Retrieved from cookiefines.eu
Last updated: