Italy: Garante fines Iliad Italia €800,000 for GDPR violations
The Italian data protection authority ('Garante') announced, on 13 July 2020, that it had issued a decision ('the Decision') fining Iliad Italia S.p.A. €800,000 for violation of Articles 5 and 25 of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'), as well as Articles 132-ter and 123 of the Personal Data Protection Code, Containing Provisions to Adapt the National Legislation to General Data Protection Regulation (Regulation (EU) 2016/679). In particular, the Garante outlined that the violations carried out by Iliad Italia regarded the processing of customers' data for the activation of SIM cards, as well as the means of collection of payment's data. In addition, the Garante highlighted that Iliad Italia violated the data protection rules in relation to the processing for direct marketing purposes and to the conservation of clients' data in their website's personal area. In this regard, the Garante found that Iliad Italia's conduct amounted to a violation of the principles of lawfulness, fairness, and transparency, as well as integrity and confidentiality.
UPDATE (28 July 2020)
EDPB issues statement on Garante's fine against Iliad Italia
The European Data Protection Board ('EDPB') issued, on 27 July 2020, a statement on the Decision.
You can read the statement here.