Italy: Garante fines Merlini €200,000 for GDPR violations
The Italian data protection authority ('Garante') announced, on 13 July 2020, that it had issued a decision ('the Decision') fining Merlini s.r.l. €200,000 for violation of Articles 5, 6, 7, 28, and 29 of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'), as well as Article 130 of the Personal Data Protection Code, Containing Provisions to Adapt the National Legislation to GDPR ('the Code'). In particular, the Garante outlined that Merlini carried out, through a third-party provider, telemarketing activities on behalf of Wind Tre S.p.A., which was €16.7 million by the Garante on the same day for unlawful telemarketing practices. In this regard, the Garante found that Merlini's activity was carried out in violation of the GDPR and the Code, as well as that an agreement with the third party was not in place.