July 14, 2020

Italian telecommunications company fined $18 million for GDPR violations

On July 13, 2020, the Italian Data Protection Authority (IDPA) announced that it fined Wind Tre S.p.A., a telecommunications and cable provider in Italy, approximately $18.6 million (€16.7 million) for unlawfully processing data in a recent marketing campaign, in violation of the General Data Protection Regulation.  The authority had already issued a prohibitory injunction against Wind Tre for similar infringements under the previous data protection law.  The fine was imposed after customers complained of receiving unsolicited marketing communications via text, email, fax and automated phone calls, without the ability to object to the use of their personal data for marketing purposes, and in some instances, published data  on public phone lists despite their objections. 

An IDPA investigation determined that a couple of the company’s apps were configured to require customers to consent to receiving marketing materials and sharing user data with third parties among other things, each time customers accessed the apps, finding that customers were only able to withdraw their consent after 24 hours.  As a result, the authority found that corrective measures implemented by the company were inadequate, and in addition to the fine, prohibited the company from acquiring further data without consent, and required the company to take technical and organizational measures to oversee their business partners, and implement procedures to ensure that customer information is left alone.

IDPA Press Release | GDPR Information and Reference