BY THE ITALIAN DATA PROTECTION AUTHORITY, GPDP: Telephone operators: is still going on the activity control of the Italian DPA (Garante), sanction to Wind for about 17 million euros and Iliad for 800.000 euros.
This post is also available in: Italiano Español
The control activity of the Italian Data Protection Authority (Garante) on the telephony companies continues to take place after more than hundreds of complaints and notifications that each week arrive at the Authority, are simply case of “wild marketing”.
In the context of these control activities, during the plenary meeting on the last 9 July, the Authority has sanctioned Wind Tre Spa of almost EUR 17 million for numerous unlawful data processing related to promotional activities.
For similar cases, the company had been sanctioned with an action for an injunction when the Privacy Code was in force.
The new procedure has been adopted since the success of a complex judicial and inspection investigation. Users complained about the receipt of undeerified promotional contacts, made without consent by sms, email, fax, authorized phone calls. In many cases, the informants stated that they could not exercitate their own rights of withdrawal of consent or opposition to the processing of their data for marketing purposes (also due to inaccuracies in the indication of the contact channels present in the information). In different cases they complained about the publication of public telephone books, notwithstanding the (sometimes repeated) opposition of the interested parties.
The instructor found that the MyWind and My3 applications were configured in such a way that the user was obliged to offer, each new access, different consent for different processing purposes (marketing, prophylaxis, communication to third parties, enrichment and geolocation), except the possibility to revoke it after 24 hours.
In addition to these “system” faults, the Garante’s controls have put into light different wrongdoings in the chain of Wind Tre’s business partners, also with improper activation of contracts. Due to these breaches, a partner of the telephony operator – who had sublet (without legal act) complete data processing caps to call-center collecting data illegally – has been punished from 200,000 euros from the Garante and has been barred from using the data collected and processed from agents present in the national territory (i.e. contractors) with full disclosure to data protection laws.
The arguments put forward in its defence by Wind Tre and the series of corrective measures implemented by the company, including as regards the centralization of promotional campaigns, were not considered appropriate by the Garante. In addition to sanctioning the telephone company for EUR 16,729600, the Authority prohibited Wind from processing the data acquired without consent and ordered it to take technical and organisational measures for effective control of the partner supply chain, as well as procedures for complying with the will of users not to be disturbed.
At the same meeting on 9 July, the Garante also examined the conclusions of the investigations against another telephone operator, Iliad, which was found to lack other aspects, in particular as regards the way in which its employees accessed traffic data and which, for these reasons, were sanctioned for EUR 800 000.
SOURCE: AUTORITA’ PER LA PROTEZIONE DEI DATI DELL’ITALIA – GPDP