ORANGE ESPAGNE S.A.U. – €200,000 Fine (Spain, 2024)

€200,000Agencia Española de Protección de Datos23 January 2024Spain
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Orange Espagne S.A.U. was fined €200,000 for giving a duplicate SIM card to a fraudster without checking their identity or getting consent. This mistake allowed the fraudster to access a person's bank account and make unauthorized transactions. It highlights the importance of verifying identities before sharing sensitive information.

What happened

Orange Espagne S.A.U. shared a duplicate SIM card with an unauthorized third party without verifying their identity.

Who was affected

A person whose SIM card was duplicated and used by a fraudster to access their bank account.

What the authority found

The Spanish data protection authority found that Orange Espagne failed to obtain consent and verify the identity of the third party, violating GDPR requirements.

Why this matters

This case shows that companies must take extra care when handling personal information to prevent fraud. It serves as a reminder for businesses to implement strict identity verification processes.

GDPR Articles Cited

AI-verified

Art. 6(1) GDPR
View original scraped data
Art. 6(1) GDPR

Original data from scraper before AI verification against source document.

Source verified 6 March 2026
national law identified
Spain enforcementAgencia Española de Protección de Datos actionsAll ORANGE ESPAGNE S.A.U. actions
Full Legal Summary
Detailed

The Spanish DPA has imposed a fine of EUR 200,000 on Orange Espagne S.A.U.. A person had filed a complaint with the DPA because the company had given a duplicate of their SIM card to an unauthorized fraudulent third party without their consent. During its investigation, the DPA found that the company failed to verify the identity of the third party or obtain the data subject's consent to share their data. This allowed the fraudsters to gain access to the data subject's bank account and make unauthorized transactions.

Related Enforcement Actions (2)

Other enforcement actions involving ORANGE ESPAGNE S.A.U. in ES

Fine
Aug 2020· Agencia Española de Protección de Datos

A customer of the data controller filed a complaint with the Spanish DPA (AEPD), alleging that up to six phone lines had been opened in his name despi...

€80K
Fine
Mar 2023· Agencia Española de Protección de Datos

The Spanish DPA has imposed a fine of EUR 100,000 on ORANGE ESPAGNE S.A.U.. A customer who had purchased a cell phone from ORANGE had filed a complain...

€100K
Current
Jan 2024

Fine

€200K

Details

Fine Date

23 January 2024

Authority

Agencia Española de Protección de Datos

Fine Amount

€200,000

Enforcement Tracker ID

ETid-2250

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. ORANGE ESPAGNE S.A.U. - Spain (2024). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: