Xfera Móviles S.A. – €150,000 Fine (Spain, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Xfera Móviles S.A. was fined €150,000 for continuing to send marketing SMS to a user who opted out and for mistakenly sending another user's personal data. The Spanish data protection authority found that Xfera failed to protect personal data and respect user requests. This case emphasizes the importance of respecting user privacy choices and securing personal data.
What happened
Xfera Móviles S.A. sent marketing SMS to a user who opted out and exposed another user's personal data through SMS.
Who was affected
The affected individuals were a user who received unwanted marketing messages and another user whose personal data was mistakenly shared.
What the authority found
The Spanish authority fined Xfera for failing to respect a user's opt-out request and for inadequate data security measures, violating GDPR.
Why this matters
This fine serves as a warning to companies about the need to honor user privacy preferences and secure personal data. It highlights the risks of non-compliance with data protection laws, especially regarding direct marketing and data security.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
First, a data subject filed a complaint in which indicated that they have exercised their right to object to the use of their personal data for direct marketing purposes but the defendant continued to send SMS to their mobile number. The complainant provided proof of having received more than 60 SMS within 30 days which suggests that the defendant did not fulfil the complainant’s request. Second, the same complainant indicated that they reported to the defendant that they were receiving a large number of SMS to their mobile number with confidential information about third parties. The defendant told the complainant that it had noted the incident and that it would not reoccur. However, the defendant continued to send information related to third parties to the complainant, in particular, a security code to access the platform "Mi Yoigo", to which the complainant accessed and was able to view personal data from a third party. The access given allowed the complainant to view someone else’s bills, phone number, address, bank account, account number and the possibility to make any changes in the third party’s profile. The complainant also provided proof to this effect.
Related Enforcement Actions (0)
No other enforcement actions found for Xfera Móviles S.A. in ES
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
5 March 2021
Authority
Agencia Española de Protección de Datos
Fine Amount
€150,000
GDPRhub ID
gdprhub-3229About this data
Cite as: Cookie Fines. Xfera Móviles S.A. - Spain (2021). Retrieved from cookiefines.eu
Last updated: