Italy: Garante fines Vodafone €12.2M for unlawful telemarketing activities
The Italian data protection authority ('Garante') announced, on 16 November 2020, that it had fined Vodafone Italia S.p.A. €12.2 million for unlawful telemarking activities. In particular, Garante outlined that the investigation on the telemarketing practices of Vodafone and its sales' network started because of hundreds of individual complaints concerning unsolicited marketing calls. In addition, Garante highlighted that the investigation found serious violations in relation to the collection of consent, as well as to the principles of accountability and Privacy by Design. More specifically, Garante stated that Vodafone, among other things, used fictitious phone numbers that were not in any case included in the Register of Communication Operators in order to carry out the telemarketing activities, and that the same were to be linked to call centres continuously violating data protection legislation.
Moreover, Garante noted that Vodafone received marketing lists from commercial partners without the free, informed, and specific consent of data subjects. Furthermore, Garante found that Vodafone had adopted inadequate security measures in relation to the clients management systems, since Vodafone's employees requested individuals to send identity documents via Whatsapp, with the potential purpose of carrying out spamming, phishing, or other unlawful activities. As a result, Garante provided that Vodafone's conduct amounted to a violation of Articles 5(1) and (2), 6(1), 7, 15(1), 16, 21, 24, 25(1), 32, and 33 of the General Data Protection Regulation (Regulation (EU) 2016/679).
UPDATE (19 November 2020)
EDPB publishes Garante's press release in English
At Garante's request, the European Data Protection Board ('EDPB') published, on 19 November 2020, Garante's press release in English.
You can read the EDPB publication here.