Vodafone España was fined a record €8.15 million ($9.7 million) for multiple and repeat violations of the GDPR. The penalty was announced by the Spanish Data Protection Agency (Agencia Espanola Proteccion Datos), which investigated all telecommunication providers who offer services in the country, responding to 191 complaints submitted to them. It is indicative that 162 of these complaints concern Vodafone.
The investigation of AEPD revealed that Vodafone España had violated Art. 28 GDPR, Art. 24 GDPR, Art. 44 GDPR, Art. 21 LSSI, Art. 48 (1) b) LGT, Art. 21 GDPR, Art. 23 LOPDGDD. To make matters worse, Vodafone Spain had done the same between January 2018 and February 2020, when it received another fine for the same reason. Also, the telco has received over 50 warnings from the data protection authorities, yet they keep on ignoring GDPR and its requirements.
The regulator focuses on the practice of making approximately 200 million marketing phone calls to potential customers, even though these people had opted out. Instead of accepting the mistake and promising to change course, Vodafone Spain has announced that they feel that they didn’t do anything wrong and plan to appeal the decision.
It is also notable that Vodafone Italy was fined €12.25 million ($14.6 million) back in November 2020 for similar GDPR violations arising from aggressive telemarketing practices. It seems that Vodafone, in general, cannot accept the fact that calling people who have specifically asked to be removed from these catalogs violates their rights. Or maybe the firm converts so many of them into subscribers that paying these fines makes business sense.
According to AEPD, the problem lies in Vodafone’s decision to outsource these marketing actions to third parties that don’t have any way to verify who has opted out of marketing communications. As the data protection agency comments, Vodafone could have the organizational and technical methods in place to ensure that these checks take place, but they continue to disregard all that.