On September 11, 2023, the Italian data protection authority (Garante) announced, in its newsletter, its decision No. 321, as issued on July 18, 2023, in which it imposed a fine of €100,000 on Tiscali Italia S.p.A., for violations of the General Data Protection Regulation (GDPR) and the Personal Data Protection Code, Containing Provisions to Adapt the National Legislation to the GDPR (the Code), following an ex officio investigation by the Garante.

Background to the decision

In particular, the Garante explained that it had concluded an ex officio investigation on Tiscali, as part of the Garante's monitoring of marketing and profiling activities conducted by telephone companies.

Findings of the Garante

In light of the investigation carried out, the Garante found that Tiscali must be held responsible for its personal data processing activities violating Articles 5(1)(a), 5(1)(b), 5(1)(c), 5(1)(e), 5(2), 12(1), 13(2)(a), and 24 of the GDPR, and 130(4) of the Code.

Notably, among other things, the Garante ascertained that Tiscali had provided incomplete information to its users relating to the processing of their data without indicating any time limit for data retention of personal data for marketing and profiling purposes. The Garante also highlighted that Tiscali had carried out so-called soft spam activities, by sending, within four months, text messages to over 160,000 customers who had not expressed their consent to receive promotional communications.

Outcomes

As such, the Garante imposed the aforementioned fine on Tiscali.

You can read the decision here and the newsletter here, both only available in Italian.