The Italian Garante (Data Protection Authority) levied a fine of €800,000 on mobile telecoms provider Iliad for improperly recording payment information and processing personal data when activating SIM cards, as well as violating requirements for properly storing, processing, and using personal data, including telephone telematic data. An interesting aspect of the faults found in SIM activation was that Iliad used cameras that could capture images of people passing by, not just images of the person doing the transaction.

https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/9435807