February 1, 2023

Volume XIII, Number 32

Advertisement

January 31, 2023

Subscribe to Latest Legal News and Analysis

January 30, 2023

Subscribe to Latest Legal News and Analysis

Italian Garante Fines Telecoms Provider 17 Million Euros for Direct Marketing Infringements

On July 13, 2020, the Italian Data Protection Authority (Garante per la protezione dei dati personali, “Garante”) announced that it levied a €16,729,600 fine on telecoms provider Wind Tre S.p.A. (“Wind Tre”) for several unlawful data processing activities, mostly related to direct marketing.

The Garante indicated that it had already issued a prohibitory injunction against Wind Tre for similar infringements in the past, prior to the EU General Data Protection Regulation.

Following its investigation, the Garante found that numerous complaints were filed by users against Wind Tre for unsolicited marketing communications sent to them without their consent. In several instances, complainants declared that they had not been able to withdraw their consent or object to the processing of their personal data for marketing purposes, partly because the contact details provided to them in Wind Tre’s privacy notice were not accurate. In addition, some users’ contact details were included in public phone listings despite their prior objections. The Garante also found that Wind Tre’s apps were configured in a way that required users’ consent to the processing of their data for various purposes, including direct marketing and geolocation, on each access. Such consent could only be withdrawn after a 24-hour waiting period.

Furthermore, the investigation revealed various infringements related to Wind Tre’s business partners. One business partner was fined €200,000 for having unlawfully subcontracted parts of its processing activities to call centers that were collecting data unlawfully.

For these reasons, the Garante (1) fined Wind Tre €16,729,600, (2) prohibited any further processing of the personal data obtained unlawfully, and (3) ordered the telecoms provider to implement technical and organizational measures ensuring an effective management of its business partners.

Read the Garante’s decision (in Italian).

Copyright © 2023, Hunton Andrews Kurth LLP. All Rights Reserved.National Law Review, Volume X, Number 199
Advertisement
Advertisement
Advertisement

About this Author

In today’s digital economy, companies face unprecedented challenges in managing privacy and cybersecurity risks associated with the collection, use and disclosure of personal information about their customers and employees. The complex framework of global legal requirements impacting the collection, use and disclosure of personal information makes it imperative that modern businesses have a sophisticated understanding of the issues if they want to effectively compete in today’s economy.

Hunton Andrews Kurth LLP’s privacy and cybersecurity practice helps companies manage data and...

212 309 1223 direct
Advertisement
Advertisement
Advertisement