- Fastweb S.p.A. fined €4.5 Million for launching marketing campaigns without any consideration to GDPR requirements.
- The ISP was contracting unofficial call centers that don’t have systems in place to confirm user consents.
- Some of the partners were following totally illegal procedures to obtain contact lists.
The Italian authority for the protection of data (Garante Per La Protezione Dei Dati Personali) imposed a fine of €4,501,868.00 to the internet service provider ‘Fastweb S.p.A’. The reason for the substantial penalty is that the company was confirmed to engage in large-scale aggressive telemarketing, like making numerous calls to people who never agreed to have their phone numbers shared or used for purposes of this kind. This decision comes after a thorough investigation launched after hundreds of reports and complaints that reached GPDP.
The investigation of the authority revealed that Fastweb was casually using numbers that are not registered in the Register of Communication Operators, meaning that the company was contracting abusive call centers that don’t comply with any regulation underpinning this special marketing space. These centers don’t link their contact lists with catalogs of exclusion, so they just carry out telemarketing campaigns without paying any consideration to people’s consents.
Moreover, and maybe even more worryingly, the authority found that Fastweb’s contractors were attempting to acquire contacts via WhatsApp contact lists and then spammed them all. Another violation concerns the erroneous implementation of Fastweb’s “Call me Back” service, which essentially overrides data protection safeguards. And finally, the authority confirmed a case of a promotional campaign carried out by Fastweb in partnership with another entity, targeting a customer list provided by the latter, which was sources illegally.
For all these offenses, Fastweb will have to pay a fine of €4.5 million and accept a number of restrictions. First, the ISP will have to prove that all activations of offers and services that happen from now on were made through calls that were done via registered numbers that are enrolled in the RoC. Second, the company will have to strengthen its security measures to prevent any unauthorized access to its customer databases. Third, Fastweb will no longer be allowed to use data lists obtained by third-party partners without having proof of consent by the people whose data is contained in these sets.
Last year, GPDP fined three telcos in the country over multiple GDPR violations, including marketing-related contraventions. Thus, the authority has played a crucial role in shaping a safer space for Italians, bashing the companies that disregard the need to have people’s consent for the acceptance of promotional messages.