Support Centre

Italy: Garante fines Iliad Italia €800,000 for GDPR violations

The Italian data protection authority ('Garante') announced, on 13 July 2020, that it had issued a decision ('the Decision') fining Iliad Italia S.p.A. €800,000 for violation of Articles 5 and 25 of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'), as well as Articles 132-ter and 123 of the Personal Data Protection Code, Containing Provisions to Adapt the National Legislation to General Data Protection Regulation (Regulation (EU) 2016/679). In particular, the Garante outlined that the violations carried out by Iliad Italia regarded the processing of customers' data for the activation of SIM cards, as well as the means of collection of payment's data. In addition, the Garante highlighted that Iliad Italia violated the data protection rules in relation to the processing for direct marketing purposes and to the conservation of clients' data in their website's personal area. In this regard, the Garante found that Iliad Italia's conduct amounted to a violation of the principles of lawfulness, fairness, and transparency, as well as integrity and confidentiality.

You can read the press release here and the Decision here, both only available in Italian.

UPDATE (28 July 2020)

EDPB issues statement on Garante's fine against Iliad Italia

The European Data Protection Board ('EDPB') issued, on 27 July 2020, a statement on the Decision.

You can read the statement here.