Italy
E.ON Energia spa
GDPR enforcement action by Italian Data Protection Authority (Garante) on 2024-11-27.
Case details
- Authority
- Italian Data Protection Authority (Garante)
- Date
- 2024-11-27
- Controller / Processor
- E.ON Energia spa
- Sector
- Transportation and Energy
- Quoted Articles
- Art. 5 GDPR, Art. 6 GDPR, Art. 7 GDPR, Art. 12 GDPR, Art. 15 GDPR, Art. 22 GDPR, Art. 24 GDPR, Art. 28 GDPR
- Type of violation
- Insufficient legal basis for data processing
Summary
he Italian DPA has imposed a fine of EUR 892,738 on E.ON Energia spa for unlawfully processing personal data for telemarketing. The investigation was triggered by complaints from two individuals who received unsolicited calls and did not receive responses to their requests to exercise their rights under the GDPR.
It was found that when the electricity and gas supplies were activated, consents of data subjects were recorded incorrectly. E.ON failed to take appropriate measures to verify the accuracy of the consent given by customers and the corresponding data stored in the systems, which resulted in telemarketing being carried out without a lawful basis.
Furthermore, the DPA found that there was a lack of sufficient control and training of the employees responsible for these activities.
In another case, E.ON stated that the calls were made in response to a request from the data subject to be contacted, submitted in the context of a Facebook advertising campaign. However, the data subject stated that they were never registered on Facebook.
Along with the fine, E.ON was ordered to implement measures to ensure future compliance with data protection regulations.
Related fines