The Federal Commissioner for Data Protection and Freedom of Information (BfDI) imposed fines for breaches of the General Data Protection Regulation (GDPR), citing Vodafone’s failure to adequately oversee partner agencies that broker customer contracts on its behalf.
The telco was also punished for security deficiencies in the integration between its MeinVodafone online portal and customer hotline, which left eSIM profiles vulnerable to unauthorised access.
The first fine, €15 million, was issued over Vodafone’s failure to properly vet and supervise third-party sales agencies, some of which were found to have engaged in fraud by creating fictitious contracts or making unauthorised changes to existing ones.
The second, €30 million, related to authentication weaknesses in Vodafone’s customer-facing systems, where security flaws in the combined use of its MeinVodafone portal and support hotline allowed third parties to gain illicit access to eSIM profiles.
“Data protection is often mistakenly seen as an obstacle to IT investments. In fact, the opposite is true,” said Federal Commissioner Prof. Dr. Louisa Specht-Riemenschneider.
“Without IT investments, there is the threat of security incidents and sanctions from data protection regulators. Therefore, my appeal: Investing instead of incurring risks.”
In the wake of the GDPR breaches, the BfDI confirmed that Vodafone Germany has taken steps to improve its processes and systems to mitigate potential future risks.
The telco has also revised its processes for selecting and auditing partner agencies, and has separated itself from the partners at issue.
The Commissioner will conduct a follow-up review of the telco to evaluate the effectiveness of its improvements.
“Companies that want to comply with data protection law must be empowered to do so,” Specht-Riemenschneider added. “Data protection is a factor of trust for users of digital services and can therefore become a competitive advantage. More and more companies are understanding this.”
Germany, Vodafone’s largest market, continues to face challenges. According to the Group’s recent earnings call, revenues for its German arm fell 5.0% in FY25, compared to a 6.4% drop the year before.
The brand has been hit by changes in regulation to bulk TV contracts in multi-dwelling units (MDUs), meaning Vodafone and other providers lost a significant number of customers who were previously signed up through bulk contracts.
However, the telco giant has labelled its German business as a “turnaround market” with an eye on fortunes improving at the brand.