The Spanish Data Protection Authority (AEPD) imposed a fine of 70.000 EUR on XFERA MOVILES for disclosing a customer’s personal data to a third party.
The claimant was informed by another customer of Masmovil that, because of a company’s mistake, they had been charged with a claimant’s bill, and thus had access to their personal data (name, surname ID card number, and personal phone number).
The AEPD considered that this constitutes a breach of the principle of confidentiality, established in Article 5(1)(f) of the GDPR.
You can read the text of the decision here.
For further information, please contact the Spanish DPA: firstname.lastname@example.org
The press release published here does not constitute official EDPB communication, nor an EDPB endorsement. This press release was originally published by the national supervisory authority and was published here at the request of the SA for information purposes. As the press release is represented here as it appeared on the SA's website or other channels of communication, the news item is only available in English or in the Member State's official language with a short introduction in English. Any questions regarding this press release should be directed to the supervisory authority concerned.