Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Italy: Garante fines GFB One €90,000 for lack of identity verification when activating SIM cards
On October 10, 2023, the Italian data protection authority (Garante) announced in its newsletter its Decision No. 405, as issued on September 14, 2023, in which it imposed a fine of €90,000 on GFB One s.r.l., for violations of the General Data Protection Regulation (GDPR) and the Personal Data Protection Code, Containing Provisions to Adapt the National Legislation to the GDPR (the Code), following a complaint by an individual.
Background to the decision
The Garate noted that the complainant had reported the unlawful activation, in their name, of two SIM cards by Vodafone Italia S.p.A., and that the activation had been notified to the complainant via email and SMS. Further to this, the complainant had blocked the SIM cards and had independently carried out some investigations from which they discovered that the SIM card had both been activated by a Vodafone store the sending of two emails and an SMS message. The complainant, after contacting the telephone company to block the new utilities, had independently carried out some investigations from which it appeared that the numbers had both been activated by a Vodafone store owned by GFB One.
Findings of the Garante
At the end of its investigation, the Garante determined that GFB One had violated:
- Articles 5(1)(a) and 6 of the GDPR, for having processed the personal data of the data subject in violation of the principle of lawfulness and in the absence of an appropriate legal basis;
- Article 13 of the GDPR, for failing to explain to the data subject how it had obtained the photocopy of their identity card; and
- Article 157 of the Code, for failing to provide the Garante with the information and documents requested in the course of the investigation.
In addition, the Garante took into account the seriousness and malicious nature of the violations and considered the conduct to be attributable to the phenomenon of illicit activation of phone cards, which may also be of criminal nature.
Outcomes
In conclusion, the Garante imposed a fine of €90,000 on GFB One, which may be appealed before the judicial authority.
You can read the newsletter here and the decision here, both only available in Italian.