Vodafone Spain €200k GDPR Fine Appeal Dismissed
AEPD dismissed Vodafone Spain's appeal against a €200,000 GDPR fine originally issued on 10 January 2026 for violations of Article 6.1 of the GDPR. The enforcement action arose from Vodafone's processing of a SIM card duplicate request without adequate identity verification, allowing a third party to obtain the claimant's SIM card by first modifying the account email. The DPA upheld the fine, finding Vodafone failed to follow its own security policies requiring verification calls or requests from linked phone lines.
GDPR Appeal Dismissed as Late - Administrative Procedure
The Spanish Data Protection Agency (AEPD) issued Resolution EXP202407584 dismissing a recurso de reposición (administrative appeal) as extemporaneous. The appellant filed the appeal on February 27, 2026, exceeding the one-month deadline from the January 26, 2026 notification of the original resolution. The AEPD found no grounds to admit the late-filed appeal under Article 116.d of the LPACAP.
ARTURO ACOSTA S.L. v. AEPD - Right to Erasure Enforcement Appeal Dismissed
The AEPD dismissed the appeal filed by ARTURO ACOSTA S.L. (NIF: B38094249) against enforcement resolution EXP202512014 (PD/00238/2025), which had upheld a data subject's GDPR erasure complaint. The company argued it could not suppress data because returned devices were factory-restored, but the AEPD upheld the original ruling based on the company's failure to timely respond to the erasure request and lack of documented proof of compliance. The DPA rejected claims of bad faith by the claimant and proportionality violations by the company.
GDPR Article 15 Subject Access Request Complaint Assessment
The IDPC assessed a complaint under Article 77 GDPR regarding alleged failures by a controller to respond completely to two subject access requests made in August 2019 and May 2025. The complainant alleged the controller omitted key categories of personal data including employment-related correspondence, salary progression records, and Industrial Tribunal-related data. The Commissioner found the 2019 allegations inadmissible due to an approximately six-year delay between the access request and the complaint filing, which materially impaired the ability to investigate the matter with certainty.
Baron Property Services Settlement for Renters Insurance and Criminal Record Violations
The Colorado Attorney General reached a settlement with Baron Property Services, LLC requiring the company to pay $75,000 total for violations of the Colorado Consumer Protection Act and Rental Application Fairness Act. The settlement includes $7,300 in restitution to 368 tenants improperly charged duplicate renters insurance fees and $67,635 in civil penalties. Baron has also agreed to comply with both statutes going forward and refrain from misrepresenting renters insurance requirements or improperly using criminal records in rental decisions.