Telefónica Móviles España, SAU – €75,000 Fine (Spain, 2021)

€75,000Agencia Española de Protección de Datos21 January 2021Spain
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Telefónica Móviles España, SAU was fined EUR 75,000 after unauthorized people pretended to be a customer and transferred a phone number without proper checks. This led to a SIM card being wrongly issued, blocking the real user's access. Companies must ensure robust identity verification to protect customer data.

What happened

Telefónica allowed unauthorized third parties to transfer a customer's phone number without proper authentication.

Who was affected

The affected individuals were customers whose phone numbers were transferred without their consent, impacting their service access.

What the authority found

The Spanish DPA ruled that Telefónica failed to authenticate users properly, violating GDPR's requirement for secure data processing.

Why this matters

This case highlights the importance of strong identity verification processes to prevent unauthorized access to personal data. Businesses should review their security measures to protect customer information.

GDPR Articles Cited

Art. 6(1) GDPR
Spain enforcementAgencia Española de Protección de Datos actionsAll Telefónica Móviles España, SAU actions
Full Legal Summary
Detailed

The Spanish DPA (AEPD) imposed a fine of EUR 75,000 on Telefónica Móviles España, SAU. The controller had assigned five telephone lines with five numbers to the data subject as part of a mobile phone contract. One of the numbers was used by her son. When he was no longer able to use the mobile data, he contacted the controller. The controller informed him that the mobile data had been deactivated because the number was no longer in his possession. It turned out that unauthorized third parties had pretended to be the data subject and had the number transferred to a third party without the controller requiring authentication for this. Thereupon the unauthorized third parties had requested and received a replacement SIM card under the pretense of an alleged loss or theft. As a result, the son's SIM card was blocked.

Related Enforcement Actions (2)

Other enforcement actions involving Telefónica Móviles España, SAU in ES

Fine
Jul 2020· Agencia Española de Protección de Datos

The data subject's account was debited for two telephone lines that he had never ordered or approved. This constituted unlawful processing of personal...

€70K
Fine
Jul 2020· Agencia Española de Protección de Datos

Telefónica Móviles España has processed the personal data of a data subject, such as first and last name and bank details, in order to activate three ...

€55K
Current
Jan 2021

Fine

€75K

Details

Fine Date

21 January 2021

Authority

Agencia Española de Protección de Datos

Fine Amount

€75,000

Enforcement Tracker ID

ETid-534

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Telefónica Móviles España, SAU - Spain (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: