Sanction of the operator Orange España: lack of verification the identity of the person concerned

Sanction of the operator Orange España: lack of verification the identity of the person concerned
Maëva Vidal
3 minutes read time

The Spanish Data Protection Agency (AEPD) has fined Orange Spain €30,000 for illegally registering a telephone line in the name of a customer without verifying the customer's identity.

The facts

An individual files a complaint against the company for having registered a telephone line in his name without his consent.

He claims to have been a victim of identity theft. He received a call from the Granada police informing him that a fraudulent crime had been committed with the phone number in question.

He accused the company of having introduced the personal data into its information systems without verifying the identity of the person who contracted.

As a reminder, Article 6.1 of the General Data Protection Regulation (GDPR) states that there are six possible legal bases for data processing, one of which is the consent of the person (Art. 6.1.a).

The AEPD considered that the company violated the lawfulness of the processing of personal data, since it formalized a cell phone contract, using the complainant as the holder of the contract, without duly verifying the complainant's data, which resulted in the impersonation of the complainant.

This being the case, Orange Spain violated Article 6.1 of the GDPR, which ensures that personal data is processed lawfully, since it didn't have the consent of the data subject.

The company should have verified the identity of the customer to ensure consent.


newsletter

Subscribe to our newsletter

We will send you a few emails to keep you informed of our news and what's new in our solution*

*You will always be able to unsubscribe on each newsletter. Learn more.

European Hospital x Dastra

Victor BISSON, Data Protection Officer at the European Hospital in Marseille, agreed to testify on the choice of Dastra by the hospital to m...

Api restauration x Dastra

Discover the testimony of Anaïs Bourbon, Data Protection Officer (DPO) and Sapin II Compliance Officer

Release note 1.5.4: You won't believe what our new calendar can do!

A new calendar 📅, a secure EDM 🔐 and much more. Check out these new features that will boost your productivity!

Vincent Portier

DPOs and CISOs, how to work together?

DPO and CISO, what areas of collaboration? Download our white paper written by our specialists.

A small step for DPOs, a big step for data protection

Dastra.eu is free to try, easy to set up, and work seamlessly together.

Startup for free Ask for a demo

Free 30 day trial - No credit card required - No commitment