Cyber, Privacy and Data Innovation Alert
italiano: Telemarketing aggressivo: l’Autorità Garante per la protezione dei dati personali sanziona una compagnia telefonica per 12 milioni 250 mila euro
By: Ivan Rotunno, Giulia Rivarola di Roccella e Martina Acquaro
On November 12th , the Italian Data Protection Authority imposed a fine of 12,251,601 euros to a telephone company for illegally processing the data of millions of users for the purpose of carrying out direct marketing activities, in violation of provisions on the processing of personal data, which regulate consent and several fundamental principles set out in the GDPR.
The preliminary investigation, which began last July following the receipt of several reports and complaints from company users, concerned the telemarketing activities carried out by the commercial department for the promotion of telephone and internet services.
In particular, the Supervisory Authority proceeded with six different objections against the company:
In addition to the unlawfulness concerning non-compliance with the principles set out in Articles 5 and 6 of the Regulation, the company has received specific fines regarding security measures deemed inadequate with respect to the risks to the rights and freedoms of the data subjects and omissions regarding the duty of notification pursuant to Article 33 GDPR of a data breaches, which occurred in November 2019, and the obligation to assist and respond to requests for the exercise of rights by the users concerned.
Detailed analysis is available in Italian: Telemarketing aggressivo: l’Autorità Garante per la protezione dei dati personali sanziona una compagnia telefonica per 12 milioni 250 mila euro