Details:
| Summary | The Spanish DPA (AEPD) imposed a fine of EUR 75,000 on Telefónica Móviles España, SAU. The controller had assigned five telephone lines with five numbers to the data subject as part of a mobile phone contract. One of the numbers was used by her son. When he was no longer able to use the mobile data, he contacted the controller. The controller informed him that the mobile data had been deactivated because the number was no longer in his possession. It turned out that unauthorized third parties had pretended to be the data subject and had the number transferred to a third party without the controller requiring authentication for this. Thereupon the unauthorized third parties had requested and received a replacement SIM card under the pretense of an alleged loss or theft. As a result, the son’s SIM card was blocked. |
| Link: | link |
| Related articles: | Art. 6 (1) GDPR |
| Type: | Insufficient legal basis for data processing |
| Fine: | EUR 75,000 |
| Sector | Media, Telecoms and Broadcasting |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/