Changeflow GovPing Data Protection AEPD Resolution: Simyo Denied Voice Recording A...
Priority review Enforcement Amended Final

AEPD Resolution: Simyo Denied Voice Recording Access

AEPD Resolutions (Spain DPA)
Filed October 21st, 2025
Detected February 13th, 2026
Email Set alert

Summary

The Spanish Data Protection Agency (AEPD) issued a resolution against Simyo (Orange España Virtual, S.L.) for denying a consumer's right of access to voice recordings related to a SIM swap. Simyo initially conditioned access on a judicial order, which is not required by law, but later provided the recordings after the complaint.

View original document View source feed page

What changed

The Spanish Data Protection Agency (AEPD) has issued a resolution concerning a complaint against Simyo (Orange España Virtual, S.L.) regarding the denial of a consumer's right of access to voice recordings. The complainant requested recordings of a SIM swap process that allegedly occurred without their consent, citing identity theft. Simyo initially refused to provide the recordings, stating they would only be released under judicial order, a requirement not stipulated by data protection law (LOPDGDD).

This case highlights the importance of correctly applying data protection rights, specifically the right of access. Regulated entities must ensure they do not impose unlawful conditions, such as requiring judicial orders, for fulfilling such requests. While Simyo eventually complied after the complaint was filed, this action underscores the potential for enforcement and the need for clear internal procedures to handle data access requests, especially in cases involving potential fraud or identity theft. Failure to comply with data protection rights can lead to investigations and resolutions by data protection authorities.

What to do next

  1. Review internal policies for handling data subject access requests, particularly concerning voice recordings and sensitive transactions.
  2. Ensure staff are trained on the legal requirements for fulfilling data access requests under the LOPDGDD, without imposing undue conditions.
  3. Verify that procedures for handling complaints related to identity theft and unauthorized data access are robust and compliant with data protection regulations.

Related changes

GDPR Resolution Fines Company 1,400 Euros for Unsolicited Email
Priority review Mar 05, 2026 AEPD Resolutions (Spain DPA) Data Protection
GDPR Fine of €4,000,000 Imposed on MODEL REYNA, C.B.
Urgent Mar 02, 2026 AEPD Resolutions (Spain DPA) Data Protection
AEPD Rejects TALENTO MOTOR S.L. Appeal
Routine Feb 26, 2026 AEPD Resolutions (Spain DPA) Data Protection
Virginia AG Reminds Consumers of Data Privacy Rights Under VCDPA
Routine Mar 05, 2026 VA Attorney General News Releases Compliance Legal
DOJ Rules on Bulk Sensitive Personal Data Transfers
Priority review Mar 05, 2026 JD Supra Trade Law Trade & Export
Florida AG Forms Unit to Combat Foreign Data Threats
Priority review Mar 05, 2026 JD Supra Trade Law Trade & Export

Source

AEPD Resolutions (Spain DPA) aepd.es/es/informes-y-resoluciones/resoluciones
Data Protection
Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
Various DPAs (CNIL, BfDI, AEPD, etc.)
Filed
October 21st, 2025
Instrument
Enforcement
Legal weight
Binding
Stage
Final
Change scope
Substantive

Who this affects

Applies to
Consumers Telecommunications firms
Geographic scope
National (Spain)

Taxonomy

Primary area
Data Protection
Operational domain
Legal
Topics
Consumer Rights Identity Theft

Browse Categories

Federal Courts 19 State Courts 103 Securities Regulation 2 Financial Regulation 10 Consumer Protection 2 Drug Safety 15 Data Protection 10 Competition 2 Attorneys General 3 Insurance Regulation 3 Trade & Export 14 Legislation 39 Government 91 Energy Regulation 4 Environment 3 Labor & Employment 2 Tax 1

Get Data Protection alerts

Weekly digest. AI-summarized, no noise.

Free. Unsubscribe anytime.