Show all guides
Europe
GDPR

Vodafone fined €45M in Germany for data privacy oversight and security failures

Last update:
Jun 12, 2025

In early June, leading telecommunications company Vodafone was fined a total of €45 million by Germany’s Federal Commissioner for Data Protection and Freedom of Information (BfDI). The fine was split into two major parts. The first, €15 million, was imposed because Vodafone failed to monitor its partner agencies properly. 

According to the regulator, these third-party agencies committed fraud by arranging fake contracts and making unauthorized changes to existing agreements. The BfDI said Vodafone should have had systems in place to verify the actions of these agencies, especially given their role in representing the company to the public.

The second fine, worth €30 million, was tied to Vodafone’s customer authentication processes. The regulator discovered flaws in the company's verification process, which created security risks for customer accounts. This is yet another example of how intertwined security and privacy vulnerabilities are today. 

Both parts of the fine fall under GDPR violations, and the company has announced its commitment to addressing these issues and prioritizing data privacy and security. 

The full guidelines can be found
here

Related Guides

Netflix fined €4.75 million in the Netherlands

December 12, 2024

The Dutch DPA fined Netflix €4.75 million for failing to provide users with transparent privacy disclosures and mishandling access requests between 2018 and 2020.
Europe
GDPR

EU Court fines the European Parliament

January 26, 2025

The EU’s General Court fined the European Parliament €400 for violating GDPR after a website allowed Facebook login, exposing user data. Even public institutions must follow privacy laws.
Europe
GDPR
The information provided on this website does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this site are for general informational purposes only