Fraud by partners, security gaps in the system - and that for years

45 million euros in fines - that's not just a record, but a loud alarm signal for the entire telecommunications industry. Vodafone Germany is under fire for serious breaches of data protection: customer data was poorly protected, security mechanisms failed - and with notice.

The Federal Data Protection Commissioner Louisa Specht-Riemenschneider has now pulled the ripcord and taken action like never before. Her goal: to send a clear signal that data protection in Germany is not a paper tiger.

What exactly happened?

Two cases are particularly serious:

1. Vodafone's partner agencies have misused customer data on a large scale to falsify or change contracts - without the consent of those affected. Vodafone had not sufficiently monitored these partners. This resulted in an initial fine of 15 million euros.
2. The second scandal concerns Vodafone's own infrastructure: third parties were able to access eSIM data - the key digital component for cell phones - via the "My Vodafone" customer portal in combination with the hotline. There were huge security gaps here that were not closed in good time. The result: a further fine of 30 million euros.

This means a total of 45 million - the highest fine ever imposed by the German data protection authority.

Vodafone claims to have reformed - but the timing is tricky

Vodafone is cooperative, pays the fine and vows to do better. "Data protection has top priority," says a company spokesperson. The new head of Germany, Marcel de Groot, also wants to win back trust and announces a "transparency offensive". The only problem is that some of the breaches occurred during his time as head of the private customer business - before his current role.

The Group now wants to modernize systems, monitor partners more strictly and protect customers better. Words that have often been heard in a similar vein - and not just at Vodafone.

Data protection remains the Achilles heel of the industry

According to a recent Bitkom survey, 94 percent of companies consider data protection to be a burden. But instead of continuing to complain, companies should finally get their IT up to scratch. After all, if you skimp on data protection, you end up paying not only with your wallet, but also with customer trust - and your good reputation.

SPD digital politician Johannes Schätzl also puts it in a nutshell: "Data protection and IT security are two sides of the same coin. Telecommunications in particular involves very personal data - anyone who is sloppy here has no business being in this industry.

The record fine was overdue - but still not enough

45 million euros is a lot - but measured against Vodafone's billion-euro turnover, it's no more than a slap on the wrist. The fine was overdue, no question about it. But what is missing is real consequences for those responsible. Anyone who loses control of customer data for years should have to pay more than just a fine.

Data protection must hurt if it is ignored. Vodafone is a warning example - but certainly not the last.