Edison Energia S.p.A.

Kirjeldus

The Italian DPA has fined Edison Energia S.p.A. EUR 4.9 million. Several person had filed complaints with the DPA regarding unlawful marketing activities of the company. During its investigation, the DPA found that the company contacted data subjects by telephone for marketing purposes without their consent. For this purpose, the company used contact lists from third parties, which in many cases, however, did not contain the free, specific, informed and documented consent of the users to the disclosure of personal data. The DPA also found that Edison Energia did not provide data subjects with a direct and easy way to exercise their right to object. In addition, Edison Energia failed to respond to data subject requests in a timely manner in several cases. In addition, the DPA found that users of the app and website simultaneously consented to the use of their data for both marketing and profiling purposes. The DPA found that such consent did not correspond to voluntary and specific consent for different purposes. Finally, the DPA found that Edison Energia failed to provide data subjects with transparent information about the processing of their personal data.