The Spanish data protection authority, the AEPD, fined mobile network operator Xfera Móviles 60,000 euros for violations of the EU General Data Protection Regulation. A complainant alleged changes were made to their account without consent, a violation of Article 6(1) of the GDPR. The complainant still had their bank information and email address attached to the account; however, the owner name, address and type of internet access had been changed. (Original article is in Spanish.)
If you want to comment on this post, you need to login.