Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Create an account
Join our community for free to access exclusive whitepapers, reports, and regulatory information.
Italy: Garante fines Vodafone €500,000 for unlawful use of personal data in promotional campaigns
The Italian data protection authority ('Garante') announced, on 28 November 2022, in its monthly newsletter, the publication of its Decision No. 379, as issued on 10 November 2022, in which it imposed a fine of €500,000 on Vodafone Italia S.p.A., for violations of Articles 5(1), 5(1)(a), 6, 7, 12(1), and 13 of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'), and Articles 130(1), 130(2), and 130(3) of the Personal Data Protection Code, Containing Provisions to Adapt the National Legislation to General Data Protection Regulation (Regulation (EU) 2016/679) ('the Code'), following an investigation.
Background to the decision
In particular, the Garante explained that its investigation had been initiated following the submission of a complaint from a consumer of Vodafone, who alleged that they had been contacted by a call center of the Vodafone sales network, and that, as a result of this call, a contract for the activation of fixed line telephone services was stipulated, without the consent of the same consumer.
Findings of the Garante
Following its investigation, the Garante found that Vodafone had committed the following violations:
- Articles 12(1) and 13 of the GDPR, for having made a promotional contact with the complainant without having given the interested party the necessary information under the aforementioned provisions;
- Articles 5(1), 6, and 7 of the GDPR, as well as Article 130(3) of the Code, for having made the aforementioned promotional contact without having acquired the required consent from the complainant;
- Articles 5(1)(a), 6, and 7 of the GDPR, as well as Articles 130(1), 130(2), and 130(3) of the Code, for having acquired from the interested party, during the aforementioned promotional contact, consent that was not specific; and
- Article 5(1)(a) of the GDPR, for having carried out the processing of personal data aimed at concluding a contract for the activation of telephone services for the complainant, in violation of the principles of fairness and transparency of the personal data processing.
Outcomes
In conclusion, the Garante imposed a fine of €500,000 on Vodafone in light of the aforementioned violations.
You can read the newsletter here and the decision here, both only available in Italian.
Send us your Feedback!
Please let us know what you think of DataGuidance! It will only take 60 seconds and help us make the site better for you.
