The Italian DPA issues a monetary penalty of 2.8 million euros for unlawful processing of personal data during a marketing campaign.

  • Authority: Garante per la protezioni del dati personali -Italian DPA-.
  • Sanctiones society: TIM telecommunications Enterprise.
  • Monetary Penalty: 2.800.000 euros.
  • Infraction: art.  5 / 6 / 17 / 21 / 32 GDPR.
  • Activity: Telemarketing
  • Link: link

Unlawful processing of personal data regarding phone calls during a marketing campaign carried out by the company and third related parties. The lack of diligence in the enterprise behaviour concern up to million people. As an example, one particular was called one hundred fifty times during a one month period.

The Italian DPA was satisfied of the inexistence of:

  • The due consent of the interested parties when making marketing phone calls.
  • Any protocol to ensure the lawfulness of the processed data.
  • Any protocol that ensures the effectiveness of the data subjects rights.
  • Control over the centre calls.

Privacy policy and data protection policy (Unclear and ambiguous, which led to the helplessness of data subjects.

Inefficient mechanisms to deal with a security breach.

Moreover, the Garante imposesa series of corrective measures in light of  art. Fifty eight point 2 of the GDPR, prohibiting TIM from processing data related to the marketing of persons who have refused to receive promotional calls, those who requested to be included in the “opt-out” list, and persons who are not customers of TIM.

Leave an answer

Your email address will not be published.

The company processes your data to facilitate the publication and management of comments. You can exercise your rights of access, rectification, deletion and opposition, among others, according to our Privacy policy.