Overview

• On June 3, the Federal Commissioner for Data Protection and Freedom of Information imposed a €45 million penalty on Vodafone, the largest fine issued by the authority to date.
• The sanction splits into €15 million for unlicensed contracts brokered by partner agencies and €30 million for security gaps in the ’MeinVodafone’ portal and hotline.
• Investigations launched in 2021 uncovered partner-agent misconduct in setting up falsified customer agreements without proper authorization.
• Regulators found that weak authentication procedures allowed unauthorized parties to access and take over customers’ eSIM profiles, raising fraud concerns.
• Vodafone has paid the fines, overhauled partner oversight and authentication protocols, donated millions to privacy advocacy groups, and now awaits the regulator’s review of its enhanced safeguards.