Administrative fines imposed by the Spanish Data Protection Authority on several mobile phone companies for a loss of confidentiality related to duplicate mobile phone SIM cards
The National Center for Personal Data Protection (NCPDP), for information and application purposes, communicates the administrative fines imposed by the Spanish Data Protection Authority (SA) on several mobile phone companies for a loss of confidentiality related to duplicate mobile phone SIM cards.
The Spanish SA initiated investigations following various claims concerning the issuance of duplicate SIM cards to third parties other than the subscribers. As a consequence, the holders of the telephone line are not only left without service, but third parties also gain access to their bank accounts. As a result of the investigations, the Spanish SA identified vulnerabilities in the implemented operating procedures: duplication of SIM cards without the consent of their legitimate holders; access to confidential information for criminal purposes (known as “SIM Swapping”); personal data processed, contrary to data protection regulations, in order to issue a duplicate SIM (Subscriber Identity Module) card, which unequivocally identifies the subscriber on the network; measures implemented by the mobile phone companies that were insufficient and therefore led to a loss of confidentiality and the transfer of personal data to a third party; and a lack of accountability, in that no effective GDPR compliance and management model had been implemented to avoid the risk of identity theft, given the absence of adequate security measures aimed at securing the procedure for identifying the subscriber and delivering the SIM card, the delayed reaction to the events described, and the inadequacy of the measures taken.
In this context, the Spanish Data Protection Authority imposed a fine of EUR 900 000 on TELEFÓNICA MÓVILES ESPAÑA, a fine of EUR 70 000 on ORANGE ESPAÑA VIRTUAL, fines totalling EUR 3 940 000 on VODAFONE ESPAÑA and a fine of EUR 200 000 on XFERA MÓVILES, S.A. for a loss of confidentiality related to duplicate mobile phone SIM cards.
The NCPDP, as the national supervisory authority for personal data processing, emphasizes the responsibility of personal data controllers to comply with the provisions of the legal framework on personal data protection and to ensure that personal data processing operations are in accordance with the legislation in force.