Fastweb S.p.A.

Description

The Italian DPA (Garante) has fined Fastweb S.p.A. EUR 4,500,000 for aggressive telemarketing. Following a complex preliminary investigation launched after hundreds of reports and complaints from users, the DPA finds that the controller illegally processed the personal data of millions of users for telemarketing purposes. Namely, the call centers working for Fastweb largely acted in disregard of data protection regulations. They often used telephone numbers for their calls that were not registered in the Italian register for communications operators (Registro degli Operatori di Comunicazione). Moreover, they processed contact data for promotions Fastweb had received from external partners without the data subjects having given valid consent for their data to be shared. In addition, many users reported being contacted by 'self-proclaimed Fastweb operators' who attempted to obtain contractors' identity documents via WhatsApp, likely for the purpose of spamming, phishing and other fraudulent activities. Other breaches involved procedures for the 'call me back' service that made it impossible for users to give free, specific and informed consent and to deactivate the service in an automated manner.