AEPD (Spain) - EXP202306073

Holding |Publication Date=05.01.2026|Publication Date=05.01.2026 |Year=|Year= |Fine=400,000|Fine=300,000 |Currency=EUR|Currency=EUR }}}} The Data Protection Authority has imposed a fine of 400,000 euros on a telecommunications company for the unlawful modification of the ownership of a mobile phone subscription and the issuance of a dual SIM card without proper identity verification, violating [[Article 6 of the GDPR|Article 6 of the GDPR]], in connection with a SIM swapping fraud. The Data Protection Authority has imposed a fine of 400,000 euros on a telecommunications company for the unlawful modification of the ownership of a mobile phone subscription and the issuance of a dual SIM card without proper identity verification, violating [[Article 6 of the GDPR]], in connection with a SIM swapping fraud. == Summary in English == == Summary in English == The AEPD (Spanish data protection authority) rejected the argument of the responsible party that the processing was lawful based on the execution of a contract. The AEPD stated that, due to the lack of proper identity verification, the responsible party could not rely on [[Article 6(1)(b) of the GDPR|Article 6(1)(b)]] because they had not ensured that the request originated from the data subject or with their consent. The AEPD rejected...

This content has been automatically translated using machine translation. The original version is available in the source language.

This content was automatically translated using machine translation. The original version is available in the source language.