Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Italy: Garante fines Scionti Selezioni Superiori €70,000 for telemarketing violations

The Italian data protection authority (Garante) announced, on November 8, 2023, in its newsletter, its decision No. 479, as issued on October 12, 2023, in which it imposed a fine of €70,000 on Scionti Selezioni Superiori S.r.l., for violations of the General Data Protection Regulation (GDPR), the Personal Data Protection Code, Containing Provisions to Adapt the National Legislation to the GDPR (the Code), and Law No. 5 of January 11, 2018 on New Provisions on the Registration and Functioning of the Do Not Call Registry and Establishment of National Prefixes for Telephone Calls for Statistical, Promotional Purposes, and Market Research (Law No. 5/2018), following multiple complaints.

Background to the decision

The Garante noted that the complainants had reported receiving unwanted promotional phone calls from Scionti Selezioni Superiori, as well as from counterfeit telephone numbers. In many cases, the unwanted calls followed the purchase of coffee from Scionti Selezioni Superiori.

Findings of the Garante

At the end of its investigation, the Garante found that the promotional phone calls were mostly directed to users registered in the Do Not Call Registry (DNCR) and that the personal data was acquired in different ways, such as through a form on the company's website and from contact lists compiled by third-party companies. 

Specifically, the Garante determined that Scionti Selezioni Superiori had violated:

  • Articles 5(1)(a), 6, 7, and 13 of the GDPR and Article 130 of the Code, for not having acquired the prior consent of the data subjects and for failure to provide the required information on the processing of their personal data in the context of the promotional phone calls;
  • Articles 5(1), 5(2), 6(1)(a), and 7 of the GDPR, for having used lists of data from third parties for marketing purposes without having verified the acquisition of free, specific, documented, and informed consent of the data subjects;
  • Articles 5(1)(a), 6(1)(a), 7, and 12(1) of the GDPR, for not acquiring specific consent to marketing regarding the processing of personal data collected through the website and for lack of transparency;
  • Articles 12, 15, and 21 of the GDPR, for failing to comply with the requests for the exercise of rights made by some data subjects and for failing to take action following the opposition to direct marketing;
  • Articles 1(11) and 1(12) of Law No. 5/2018, and Article 130(3) of the Code, for engaging in telemarketing activities without consulting the DNCR on a monthly basis or otherwise before each telemarketing campaign; and
  • Articles 5(2), 24(1), 24(2), and 25 of the GDPR, for failure to take adequate organizational measures to keep track of processing activities along with failure to comply with the obligation to provide evidence of compliance.

Considering the violations that were ascertained, the Garante imposed on Scionti Selezioni Superiori a fine of €70,000.

Outcomes

In addition to the fine, the Garante ordered Scionti Selezioni Superiori to delete the data unlawfully acquired for marketing purposes and implement appropriate technical, organizational, and control measures so that the processing of users' personal data complies with privacy regulations throughout the company's supply chain.

You can read the newsletter here and the decision here, both only available in Italian.