Hard setback against the four largest mobile phone operators in Spain. This Thursday, the Spanish Data Protection Agency (AEPD) imposed a fine of up to 5.81 million from euros to Vodafone, Telephone, MoreMobile Y Orange for failing to comply with European regulations and not adequately protecting the personal information of its users during the processing of SIM cards.
The national regulator has established that Vodafone will have to pay 3.94 million fine, while Telefónica must pay 900,000 euros; Orange, 770,000; and MásMóvil, 200,000. This is because the four ‘telecos’ seriously violated the General Data Protection Regulation (RGPD) by not guaranteeing the confidentiality or integrity of the personal data of its users, most of which were affected in 2019.
The case of Vodafone is even more serious, since the resolutions of the AEPD establish an aggravating circumstance for negligence because the company only corrected this infringement of European laws when the regulator notified it and not after being aware of it. Thus, Vodafone would not have acted despite knowing that the data of its users had not been properly processed. “This has aggravated the damage to those affected,” reads the agency’s resolution.
Victims of cyber attacks
In 2019, several users filed claims against the four operators denouncing that they had been victims of a identity fraud. In those cases, a third person had pretended to be the owner of the line to fraudulently make a duplicate of the mobile SIM card and thus have access to the passwords of their bank accounts.
Vodafone has been the only ‘teleco’ that has reacted to the decision of the AEPD and, in a statement, has labeled the fine “disproportionate” and “inappropriate” considering that it is not responsible for the bank crimes that were perpetrated against the users of their telephone lines, holding the security systems of those entities responsible for what happened.