Italian ISPs Bashed With Multi-Million Fines Due to GDPR Violations

  • The Italian data protection authorities have imposed hefty fines on GDPR violators in the country.
  • Wind, Iliad, and a calling center have been bashed with huge penalties and were given thirty days to pay them in half.
  • The violations mainly involved the unlawful recording of personal data and its use for marketing purposes.

The Italian data protection authority (Garante per la Protezione dei Dati Personali) has stunned three telcos in the country with injunction orders and multi-million fines for various GDPR violations. The agency carried out investigations that were launched in 2019, after receiving numerous reports and complaints about the data collection methods followed by ‘Iliad Italia SpA,’ ‘Wind Tre SpA,’ and ‘Merlini SRL.’

Merlini isn’t an ISP but a promoter of services who was contracted by Wind to call people and try to convert them to clients. The Italian investigators have confirmed the violations below.

Wind violated articles 5, 6, 12, 24, and 25 of the GDPR (General Data Protection Regulation), engaging in unlawful data processing activities for marketing purposes. The company was confirmed to have sent a large number of emails, telephone calls, or SMSs to people who had never given their consent for this. Some even objected to this annoying communication and specifically asked to be excluded, but Wind ignored these requests and proceeded to publish their contact details on public lists.

Finally, any apps created by Wind for marketing purposes only gave an option to withdraw consent after 24 hours of use. For all these reasons, “Garante” has imposed a €16,729,600 fine (about $19.1 million) to Wind.

Next is Merlini, the Milan-based marketing firm, and the close collaborator of Wind. Garante has found that the firm violated articles 5, 6, 7, 28, and 29 of the GDPR. Operating on behalf of Wind, Merlini launched communications to people who had never given their consent for third parties to use their contact information for marketing purposes.

Besides, Merlini held that data locally without having the right to do so. Thus, Garante has decided to impose a fine of €200,000 ($228,000) to Merlini.

Finally, there is the investigation against ‘Iliad Italia,’ who violated articles 5 and 25 of the GDPR. The ISP processed customer data for the activation of SIM cards in a manner that resulted in the recording of this data without the acquisition of consent. By doing so discretely, the company has also violated principles of lawfulness, fairness, transparency, and integrity, storing that data for direct marketing purposes.

For these violations, Iliad is now called to pay €800,000 ($912,300) – which is 4% of 20 million euros considering Iliad’s yearly turnover.

Read More:


Recent Articles

How to Hide VPN IP Addresses (4 Options That Work)

There are tons of online guides that talk about how you can hide your IP address (here's our own). But we have yet to...

How to Watch ‘Black Clover’ Season 1 – 3 (Dub & Sub) Online

When it comes to manga and anime, everyone has favorites. Well, Black Clover is the favorite of many of our team members, and we're...

Browser Fingerprinting and You (What It Is, How It Works, How It Violates Your Privacy, and What You Can Do)

Many people use VPNs to protect their privacy by hiding their IP address. Websites, hackers, advertisers, and ISPs can't track your geo-location and digital...