Details:
| Summary | The Spanish DPA (AEPD) has imposed a fine on Vodafone España SAU. A data subject had filed a complaint with the AEPD against the data controller. The data subject states that he had received invoices and debits on his bank account for the payment of Vodafone services that he had not booked himself. The data subject also stated that he had been asked to pay for these services by the debt collection company I.S.G.F. Informes Comerciales, S.L.. As it turned out, fraudsters had used the data subject’s personal data to conclude a service contract. Vodafone had subsequently canceled the contract for the booked services. Due to a system error, however, the outstanding invoices had not been canceled, which is why they had been forwarded to the collection agency. The AEPD determined that this transmission was unlawful due to the non-existence of a valid contract. The original fine of EUR 50,000 was reduced to EUR 30,000 due to voluntary payment and admission of guilt. |
| Link: | link |
| Related articles: | Art. 6 (1) GDPR |
| Type: | Insufficient legal basis for data processing |
| Fine: | EUR 30,000 |
| Sector | Media, Telecoms and Broadcasting |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/