AEPD (Spain) - PS/00249/2021: Difference between revisions
(Created page with "{{DPAdecisionBOX |Jurisdiction=Spain |DPA-BG-Color=background-color:#ffffff; |DPAlogo=LogoES.jpg |DPA_Abbrevation=AEPD (Spain) |DPA_With_Country=AEPD (Spain) |Case_Number_Na...") |
mNo edit summary |
||
(2 intermediate revisions by 2 users not shown) | |||
Line 44: | Line 44: | ||
|Appeal_To_Link= | |Appeal_To_Link= | ||
|Initial_Contributor=Carmen Villarroel | |Initial_Contributor=[https://gdprhub.eu/index.php?title=User:Carmen.villarroel Carmen Villarroel] | ||
| | | | ||
}} | }} | ||
The Spanish DPA fined Vodafone €80,000 (reduced to €64,000) for | The Spanish DPA fined Vodafone €80,000 (reduced to €64,000) for allowing a third party to enter a contract with the personal data of another data subject, without their knowledge or consent, since Vodafone did not have a system in place to verify their identity. | ||
== English Summary == | == English Summary == | ||
Line 60: | Line 60: | ||
The AEPD deemed that Vodafone was responsible for these facts, since they did not have a system in place that allowed to verify the identity of the contracting person, so any person could use others' personal data to enter a contract with Vodafone. | The AEPD deemed that Vodafone was responsible for these facts, since they did not have a system in place that allowed to verify the identity of the contracting person, so any person could use others' personal data to enter a contract with Vodafone. | ||
This led to the situation that allowed a third person to use the data subject's personal data to enter the contract without their consent. Therefore, Vodafone was processing personal data of the data subject without | This led to the situation that allowed a third person to use the data subject's personal data to enter the contract without their consent. Therefore, Vodafone was processing personal data of the data subject without a legal ground. | ||
For this, the AEPD fined Vodafone €80,000, that were reduced to €64,000 for voluntary payment, for a violation of [[Article 6 GDPR#1|Article 6(1) GDPR]]. | For this, the AEPD fined Vodafone €80,000, that were reduced to €64,000 for voluntary payment, for a violation of [[Article 6 GDPR#1|Article 6(1) GDPR]]. |
Latest revision as of 14:27, 24 November 2022
AEPD (Spain) - PS/00249/2021 | |
---|---|
Authority: | AEPD (Spain) |
Jurisdiction: | Spain |
Relevant Law: | Article 6(1) GDPR |
Type: | Complaint |
Outcome: | Upheld |
Started: | |
Decided: | |
Published: | 26.10.2021 |
Fine: | 80000 EUR |
Parties: | VODAFONE ESPAÑA, S.A.U. |
National Case Number/Name: | PS/00249/2021 |
European Case Law Identifier: | n/a |
Appeal: | n/a |
Original Language(s): | Spanish |
Original Source: | AEPD (in ES) |
Initial Contributor: | Carmen Villarroel |
The Spanish DPA fined Vodafone €80,000 (reduced to €64,000) for allowing a third party to enter a contract with the personal data of another data subject, without their knowledge or consent, since Vodafone did not have a system in place to verify their identity.
English Summary
Facts
A data subject filed a complaint with the Spanish DPA (AEPD) alleging that Vodafone had contracted with them services that they had not requested with their personal data, and that they had received an invoice for those services that they had not contracted. The AEPD launched an investigation.
Holding
The AEPD discovered that a third person had contracted Vodafone's services using the data subject's personal data, since the data subject had an associated phone line at Vodafone that included the data of the third person. Vodafone had issued a invoice to the data subject for such phone line and other non-contracted services.
The AEPD deemed that Vodafone was responsible for these facts, since they did not have a system in place that allowed to verify the identity of the contracting person, so any person could use others' personal data to enter a contract with Vodafone.
This led to the situation that allowed a third person to use the data subject's personal data to enter the contract without their consent. Therefore, Vodafone was processing personal data of the data subject without a legal ground.
For this, the AEPD fined Vodafone €80,000, that were reduced to €64,000 for voluntary payment, for a violation of Article 6(1) GDPR.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Spanish original. Please refer to the Spanish original for more details.