Italy

Vodafone Italia S.p.A.

12,251,601 €

GDPR enforcement action by Italian Data Protection Authority (Garante) on 2020-11-12.

Rank · Sector: #27 of 369 in Media, Telecoms and Broadcasting
Rank · Italy: #7 of 543
Rank · All fines: #43 of 3,050

Case details

Authority: Italian Data Protection Authority (Garante)
Date: 2020-11-12
Controller / Processor: Vodafone Italia S.p.A.
Sector: Media, Telecoms and Broadcasting
Quoted Articles: Art. 5 (1), (2) GDPR, Art. 6 (1) GDPR, Art. 7 GDPR, Art. 15 (1) GDPR, Art. 16 GDPR, Art. 21 GDPR, Art. 24 GDPR, Art. 25 (1) GDPR, Art. 32 GDPR, Art. 33 GDPR
Type of violation: Non-compliance with general data processing principles

Summary

The company was fined EUR 12,251,601 for unlawfully processing the personal data of millions of customers for telemarketing purposes. The proceedings were preceded by hundreds of complaints from data subjects about unsolicited telephone calls, which led to an investigation by the data protection authority. The investigation revealed several violations of data protection law, including violations of consent requirements and of general data protection obligations such as accountability. One of the authority's main criticisms was that the contracted call centers used fake numbers (i.e. phone numbers not registered with the National Consolidated Registry of Communication Operators) to make promotional calls. Further violations were found in the handling of contact lists purchased from external providers. Finally, the security measures for the management of customer data were also considered inadequate.
