The Federal Commissioner for Data Protection and Freedom of Information (BfDI) has imposed two fines totaling €45 million on Vodafone following serious data protection violations, including failures to oversee partner agencies and vulnerabilities in customer authentication systems.
The penalties stem from fraudulent activities carried out by employees of partner agencies contracted by Vodafone to sell services. These included the creation of fictitious contracts and unauthorized changes to existing customer agreements, BfDI said in a press release.
A €15 million fine was issued for Vodafone’s failure to adequately monitor its data processors, a violation of Article 28(1) of the EU’s General Data Protection Regulation (GDPR). An additional €30 million fine was levied for flaws in the authentication process used by the “MeinVodafone” portal and the Vodafone customer hotline. These vulnerabilities allowed unauthorized access to sensitive data, including eSIM profiles.
BfDI Commissioner Prof. Dr. Louisa Specht-Riemenschneider noted that Vodafone had cooperated fully with the investigation and voluntarily disclosed some of the issues that ultimately led to the fines. “The fines have been accepted and already paid in full to the federal treasury,” she said.
Vodafone has since taken steps to overhaul its internal systems, tighten oversight of external partners, and improve its overall cybersecurity posture. The company has parted ways with implicated partner agencies and introduced new vetting and auditing procedures. A follow-up audit by BfDI will assess the effectiveness of these changes.
In a broader statement, Specht-Riemenschneider emphasized the importance of investing in modern IT infrastructure. “Data protection is a factor of trust for users of digital services and can therefore become a competitive advantage,” she said, urging companies to view data protection as an enabler rather than a barrier.
Need Help?
If you have questions or concerns about any German or global AI laws, reports, guidelines, and regulations, don’t hesitate to reach out to BABL AI. Their Audit Experts can offer valuable insight, and ensure you’re informed and compliant.
