Vodafone ONO – €100,000 Fine (Spain, 2021)

A data subject filed a case before the Spanish DPA (AEPD) for receiving unsolicited commercial calls on behalf of Vodafone, even after explicitly exercising their right to object and right to erasure as per Articles 21 and 17 GDPR. The data subject had also signed up for the Robinson List. The Spanish DPA investigated the case and applied the national [https://www.boe.es/buscar/act.php?id=BOE-A-2014-4950 Telecommunications Act]. Particularly, the DPA found a violation of Article 48(1)(b) of this law, setting the right to object to unsolicited communications. The DPA then considered the violation as serious, following Article 77 of the same law. Specifically, the reasons why the violation was deemed as serious are: (a) the previous offences committed by Vodafone, (b) the benefit derived to Vodafone by the infringement, (c) the damage caused and its reparation, (d) the non-cessation of the infringing activity. For these reasons, the Spanish DPA imposed a fine of €100,000 to Vodafone, reduced a 20% (to €80,000) because of early payment.