On April 2, 2021, the Garante per la protezione dei dati personali, Italy’s data protection authority, announced a € 4.5 million fine against Fastweb S.p.A., a major Italian telecommunications company owned by Swisscom Group, for illegal handling of the personal data of millions of users. According to the Garante, an investigation of complaints by hundreds of consumers led to a finding that Fastweb had failed to supervise call centers that had made thousands of telemarketing calls to individuals who had not consented to the calls, including through what the Garante termed “the alarming use of fictitious numbers or numbers that are not listed on the Registry of Communications Operators.” The Garante found a web of abusive call centers that conduct telemarketing activities in total disregard of data privacy protections. The authority also found inadequate measures to secure Fastweb’s client data management systems, leading to phishing calls to customers from operators claiming to represent Fastweb. In addition, the Garante identified promotional activity conducted by Fastweb in partnership with a third party, in which lists of customer contacts were used without the consent of the customers.
In addition to imposition of the € 4,501,868 fine, the Garante ordered Fastweb to enhance its systems in order to prevent unauthorized access, and bring them into compliance with Italian and European data protection provisions. Furthermore, Fastweb must improve its handling of telemarketing so that it can demonstrate that contracts for services and goods result only from calls made to numbers listed on the Registry of Communications Operators. Additionally, Fastweb will not be able to use information taken from lists provided by third parties unless the latter have obtained the specific, free and informed consent of those concerned.