The Spanish Data Protection Authority (AEPD) imposed a fine of 70.000 EUR on XFERA MOVILES for disclosing a customer’s personal data to a third party.
The claimant was informed by another customer of Masmovil that, because of a company’s mistake, they had been charged with a claimant’s bill, and thus had access to their personal data (name, surname ID card number, and personal phone number).
The AEPD considered that this constitutes a breach of the principle of confidentiality, established in Article 5(1)(f) of the GDPR.
You can read the text of the decision here.
For further information, please contact the Spanish DPA: firstname.lastname@example.org