Vodafone Italia S.p.A.

Kirjeldus

The company was fined EUR 12,251,601 for unlawfully processing personal data of millions of customers for telemarketing purposes. The proceedings were preceded by hundreds of complaints from data subjects about unsolicited telephone calls, which led to an investigation by the data protection authority. This investigation revealed several violations of the data protection law, including the violation of consent requirements and the violation of general data protection obligations such as accountability. One of the main criticisms made by the Data Protection Agency was the use of fake numbers to make promotional calls by the contracted call centers (i.e. phone numbers not registered with the National Consolidated Registry of Communication Operators). Furthermore, further violations could be found in the handling of contact lists purchased from external providers. Finally, security measures for the management of customer data were also considered inadequate.