Vodafone España, S.A.U. – €40,000 Fine (Spain, 2021)

€40,000Agencia Española de Protección de Datos14 September 2021Spain
reduced
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Vodafone España was fined €40,000 for not checking if contracts were signed by the real person. Fraudsters used someone's personal details to open phone lines without their knowledge. This case shows companies need to verify customer identities to prevent fraud.

What happened

Vodafone España registered two phone lines in a person's name without verifying the contracts were legitimate.

Who was affected

A person whose identity was used by fraudsters to open phone lines without their consent.

What the authority found

The Spanish DPA ruled that Vodafone lacked a valid legal basis for processing personal data, as they failed to verify the authenticity of the contracts.

Why this matters

This ruling highlights the importance of identity verification for companies to prevent fraud. Businesses should ensure they have proper checks in place to confirm customer identities before processing personal data.

GDPR Articles Cited

Art. 6(1) GDPR
Spain enforcementAgencia Española de Protección de Datos actionsAll Vodafone España, S.A.U. actions
Full Legal Summary
Detailed

The Spanish DPA (AEPD) imposed a fine on Vodafone España, S.A.U. for insufficient legal basis for data processing. The data subject stated that two telephone lines were registered in his name, for each of which charges were made. However, the data subject had never concluded contracts with the company for either of these lines. Rather, the contracts in question were concluded by fraudsters using the data subject's personal data. Nevertheless, the personal data was entered into the company's information systems without any verification as to whether the contracts had been lawfully and actually concluded by the data subject. The contracts were concluded even though they were not signed and the information provided by the fraudster, such as the address or date of birth, did not match those on the data subject's ID card. The original fine of EUR 50,000 was reduced to EUR 40,000 due to voluntary payment.

Related Enforcement Actions (20)

Other enforcement actions involving Vodafone España, S.A.U. in ES

Fine
Jan 2019· Agencia Española de Protección de Datos

Vodafone had processed personal data of the claimant (bank details, name, surname and national identification number) years after the contractual rela...

€21K
Fine
Oct 2019· Agencia Española de Protección de Datos

The claimant, whose data had been provided to the company by his daughter, as authorised by him, received a call from the company offering its service...

€36K
Fine
Jan 2020· Agencia Española de Protección de Datos

The company had sent a contract with personal data, including the applicant's name, address and telephone number, to the wrong recipient.

€44K
Fine
Feb 2020· Agencia Española de Protección de Datos

The fine preceded the complaint by the data subject, who argued that Vodafone España had signed a contract for the transfer of a telephone subscriptio...

€75K
Fine
Mar 2020· Agencia Española de Protección de Datos

According to the AEPD, the company sent two SMS to an clients mobile number informing about a rate change in its contract and confirming the purchase ...

€24K
Fine
Jan 2021· Agencia Española de Protección de Datos

The data subject had concluded a contract with the controller (Vodafone España, S.A.U.). However, the products provided under this contract were not d...

€54K
Fine
Feb 2021· Agencia Española de Protección de Datos

The claimant complained to the Spanish DPA (AEPD) that he/she was still receiving invoicing emails from Vodafone España, S.A.U. despite no longer bein...

€120K
Fine
Mar 2021· Agencia Española de Protección de Datos

Since 2018, the Spanish DPA (AEPD) had received a total of 191 complaints against Vodafone España, S.A.U. The data subjects complained about advertisi...

€8.2M
Fine
Mar 2021· Agencia Española de Protección de Datos

The Spanish DPA (AEPD) imposed a fine of EUR 60,000 on Vodafone Spain. The data subject had been a customer of the controller several years ago. After...

€60K
Fine
Apr 2021· Agencia Española de Protección de Datos

The Spanish DPA (AEPD) has imposed a fine of EUR 150,000 on Vodafone España S.A.U.. Three data subjects had filed complaints with the AEPD against the...

€90K
Fine
May 2021· Agencia Española de Protección de Datos

A data subject filed a complaint with the Spanish DPA (AEPD) against Vodafone as they received a phone call with commercial purposes from the company ...

€100K
Fine
May 2021· Agencia Española de Protección de Datos

Failure to provide information to the Spanish DPA (AEPD) within the required timeframe in violation of Art. 58 GDPR. The original fine of EUR 5,000 wa...

€3K
Fine
Aug 2021· Agencia Española de Protección de Datos

The Spanish DPA (AEPD) has imposed a fine on Vodafone España, S.A.U.. A data subject had filed a complaint with the DPA against the controller for fai...

€96K
Current
Sept 2021

Fine

€40K

Fine
Oct 2021· Agencia Española de Protección de Datos

The case involved unsolicited promotional emails sent without consent, not related to cookies or consent banners.

€70K
Fine
Oct 2021· Agencia Española de Protección de Datos

The Spanish DPA (AEPD) imposed a fine on Vodafone España, S.A.U. due to insufficient legal basis for data processing. The data subject had filed a com...

€64K
Fine
Feb 2022· Agencia Española de Protección de Datos

The Spanish DPA has fined Vodafone España, S.A.U. EUR 3.94 million. Nine Vodafone customers had filed complaints with the DPA. In the course of its in...

€3.9M
Fine
May 2022· Agencia Española de Protección de Datos

The Spanish DPA (AEPD) has imposed a fine on Vodafone España S.A.U.. A data subjects had filed a complaint with the AEPD against the controller. The d...

€42K
Fine
Mar 2023· Agencia Española de Protección de Datos

The Spanish DPA (AEPD) has imposed a fine on Vodafone España, S.A.U. A data subject had filed a complaint against the data controller as unauthorized ...

€136K
Fine
Apr 2023· Agencia Española de Protección de Datos

The Spanish DPA has imposed a fine on Vodafone España, S.A.U.. A person had filed a complaint with the DPA because the company had given a duplicate o...

€112K
Fine
Sept 2023· Agencia Española de Protección de Datos

The Spanish DPA has imposed a fine on Vodafone España, S.A.U.. A person had filed a complaint with the DPA because the company had given a duplicate o...

€80K

Details

Fine Date

14 September 2021

Authority

Agencia Española de Protección de Datos

Fine Amount

€40,000

Enforcement Tracker ID

ETid-845

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Vodafone España, S.A.U. - Spain (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: