Vamavi Phone SL – €24,000 Fine (Spain, 2021)

The complainant filed a complaint as they received a commercial call on behalf of "Vodafone España, SAU" despite being listed on the Robinson List (advertising exclusion list). The Spanish DPA (AEPD) therefore began an investigation to clarify the facts at stake. This revealed that Vamavi Phone SL was responsible for the data processing. Vamavi had made the commercial call to the Claimant on behalf of Vodafone España, SAU. Does a commercial call made by a processor to a claimant on the Robinson List entail a breach of Article 48(1) LGT, Article 21 GDPR in link with Article 23 LOPDGDD and Article 28 GDPR? The Spanish DPA (AEPD) held that the facts in question indicated a breach of Article 48(1)(b) of the Spanish Law on General Telecommunications (LGT) by Vamavi. This provision outlines that individuals have the right to oppose receiving unwanted calls for commercial communication purposes. The DPA went on to outline that this must be read in light of Article 21 GDPR (right to object) and Article 23 of the Spanish Law on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD). The DPA held that by acting on behalf of Vodafone, Vamavi acted as a data processor within the meaning of Article 28 GDPR. Vamavi was nonetheless the one found responsible for the data processing in question. As Vamavi made a voluntary, early and guilty payment, the fine paid was reduced to €24,000 (rather than the original fine of €40,000).