Vodafone faces $9.7m data protection penalty in Spain

285

Spanish Data Protection Agency aka Agencia Espanola De Protection De Datos (AEPD) has penalized Vodafone Spain for failing to protect the data of its customers and for indulging in fraudulent telemarketing tactics. The amount pronounced by AEPD against Vodafone is $9.72m is highest fine ever witnessed in a country against a multinational firm.

The telecommunication company will face a collective penalty because of 4 separate discrepancies in following rules – Two fines counting to $7.16m for violating GDPR, one fine for violating Spanish laws on digital rights and telecommunications accounting to $2.39m, and the final penalty of $179k for violating Spanish laws regarding browser cookies permission.


In what is known to our Cybersecurity Insiders, the penalty was imposed by the data watchdog i.e AEPD as it received over 191 complaints against Vodafone Spain for failing to follow certain data processing standards intended to keep the privacy of its users intact.

Also, as the telecom giant indulged in unsolicited calls and emails to its customers (without consent) it has been penalized, says the Spanish data watchdog.

What’s interesting in this entire saga is that Vodafone isn’t aware of which of its customers opted out of its communications or marketing campaigns, as it has outsourced this activity to a third party that stopped updating it with the latest long back for reasons.

Note 1- Spanish Data Protection Agency imposed a penalty of $7.04m to CaizaBank in January 2021.

Note 2- Founded in 1995, Vodafone Spain is a part of Vodafone Group that has its business presence in over 26 countries spread across 5 continents. It is known to offer services related to mobile data, broadband and voice and pretty soon will soon launch a business related to IoT in United Kingdom.