The Spanish Data Protection Agency (AEPD) issued Vodafone Spain with the highest ever fine for failing to protect user data and using aggressive telemarketing tactics. Two of the fines relate to the EU’s General Data Protection Regulation (GDPR), the third for breaching Spanish laws on digital rights and telecommunications and the fourth for violations of a Spanish law regarding cookies. The final fine totalled to $9.72m.
The AEPD’s decision came after 191 complaints were filed concerning the company’s consent and data processing practices. The AEPD stated in a decision note, that Vodafone had targeted customers with unsought calls, emails and SMS messages; all sent without the customer’s consent. This even affected customers who had opted out of being contacted by Vodafone directly about marketing communications.