You may be trying to access this site from a secured browser on the server. Please enable scripts and reload this page.
Home
Internal
Global
Contatto
it
Rödl & Partner ha prestato la propria consulenza per il perfezionamento dell'acquisizione del Gruppo italiano FGV da parte di Hettich |
In tutto il mondo
It looks like your browser does not have JavaScript enabled. Please turn on JavaScript and try again.
✕
Mondiale
Algeria
Angola
Arabia Saudita
Argentina
Australia
Austria
Azerbaigian
Bahrain
Belgio
Bielorussia
Bosnia ed Erzegovina
Botswana
Brasile
Bulgaria
Cambogia
Canada
Cile
Cina
Cipro
Colombia
Corea del Sud
Costa Rica
Croazia
Danimarca
Ecuador
Egitto
Emirati Arabi Uniti
Estonia
Etiopia
Finlandia
Flippine
Francia
Georgia
Germania
Ghana
Giappone
Grecia
Hong Kong
India
Indonesia
Irlanda
Italia
Kazakistan
Kenya
Kuwait
Lettonia
Libia
Liechtenstein
Lituania
Lussemburgo
Macedonia del Nord
Malesia
Marocco
Mauritius
Messico
Moldavia
Mongolia
Mozambico
Myanmar
Namibia
Nigeria
Norvegia
Nuova Zelanda
Oman
Paesi Bassi
Pakistan
Perù
Polonia
Portogallo
Qatar
Regno Unito
Repubblica Ceca
Romania
Serbia
Singapore
Slovacchia
Slovenia
Spagna
Sudafrica
Svezia
Svizzera
Taiwan
Tanzania
Thailandia
Tunisia
Turchia
Ucraina
Uganda
Ungheria
Uruguay
USA
Uzbekistan
Vietnam
Zambia
I nostri uffici Rödl & Partner
German Professional Services Alliance -
GPSA
�������������������������������������������������������������
(I colori appaiono al passaggio del mouse)
Utilizziamo cookie tecnici per personalizzare il sito web e offrire all’utente un servizio di maggior valore. Chiudendo il banner e continuando con la navigazione verranno installati nel Suo dispositivo i cookie tecnici necessari ai fini della navigazione nel Sito. L’installazione dei cookie tecnici non richiede alcun consenso da parte Sua. Ulteriori informazioni sono contenute nella nostra
Cookie Policy
.
Approfondimenti
Servizi
Whistleblowing
Data Protection
Servizi legali
Servizi fiscali
Servizi multipractice
Industry
Revisione contabile
Formazione
Professionisti
Media
Rödl E-Book
RÖDL REPLAY - I NOSTRI WEBINAR
Newsletter
Legal Newsletter
Tax Newsletter
Data Protection Bites
Comunicati stampa
Comunicati operazioni
Rödl E-Book
Rödl & Partner sulla stampa online
Eventi
Su di noi
Currently selected
E-Book INTERNATIONAL VAT GUIDELINES
Uno studio internazionale
Uno studio internazionale
Le nostre sedi
Impegno sociale
Whistleblowing
Codice Etico
Modello 231
Sostenibilità
Carriera
Media
Pubblicazioni
Newsletter
Data Protection Bites
Data Protection Bites 5/2020
Latest decisions of the Italian Data Protection Authority against misleading requests concerning the data processing in marketing activities
Recent
Italian (Italy)
Currently selected
Consulenza legale, Consulenza fiscale, Audit, Servizi in outsourcing
Approfondimenti
Carriera
Cookie Policy
Cookie Policy
Eventi
Home
Informativa Privacy
Media
Privacy Policy
Professionisti
Servizi
Uno studio internazionale
BPO - Business Process Outsourcing
no-it-version-available
Profile
Error 404!
Error 401!
Latest decisions of the Italian Data Protection Authority against misleading requests concerning the data processing in marketing activities
Page Content
published on 15 September 2020 | reading time approx. 3 minutes
Once again, the Italian Data Protection Authority has highlighted the importance of an accountable approach in the design phase of personal data processing activities, which aims at protecting the data subject. Some of the latest decisions against two of the leading TLC companies focus on this important theme. In the following article, we are going to examine in details which kind of approach has been once again suggested by the Authority.
Two of the last decisions of the Italian Supervisory Authority, before the appointment of the new College, confirm the Authority's attention on marketing activities and focus on some aspects that may be of interest to anyone processing personal data (e.g., one of the leading firm in the field of telecommunications has been sanctioned for almost €17 million).
In the first case, as part of the decision against a leading firm in the field of TLC, the Italian Supervisory Authority declares:
the unlawfulness of aggregate consent requests for a plurality of processing activities, even in cases where, upon initial consent given in this way, management and revocation are later allowed in a granular and specific manner;
the
need to identify proper channels for the exercise of the rights of the data subject, highlighting how the identification of an email or telephone channel does not guarantee the data subject the possibility to prove with certainty the date of his/her request. On the other hand, the identification of the physical channel (registered letter with return receipt) exposes the data subject to costs, which are in opposition to the obligation of the data processor to facilitate the exercise of the data subject’s rights. In this sense, it seems necessary not only to identify a plurality of channels, but also to examine – according to the specific company asset - which is the first point of contact with data subjects: in the mentioned case, in fact, the customer service – however it is a constant point of contact for the data subjects - was not sufficiently instructed to deal with requests regarding the protection of personal data;
the need to extend the requests of objection sent by data subjects to partner companies, who carry out marketing activities - proposing other’s services - as independent data processors.
Also the second decision has been pronounced against a TLC leading company in Italy and the Italian Supervisory Authority provides two other interesting points of reflection representing:
the inaccuracy of the request for acceptance of the privacy policy in cases where consent to the processing of personal data is not required (e.g. when the data subject is asked to put an overall flag for both the T&C and the privacy policy in order to sign an online contract). The request for acceptance is in fact likely to mislead the data subject by referring to a processing that requires his/her express consent (such as, for example, marketing): in such cases it is therefore appropriate to adopt a better formulation that recalls the mere reading of the privacy policy;
the unlawfulness of the request for consent for processing activities which, in fact, are not carried out. According to the Authority, the collection of consent for a marketing activity which is not carried out constitutes a violation of the principles of fairness and transparency referred to in Article 5(1)(a) of the GDPR.
In conclusion, the two recent decisions reiterate the importance of an accountable approach in the design phase of personal data processing activities which aims at protecting the data subject (informing him/her correctly and ensuring that his/her relations with the company are as easy as possible) in order to create a stronger bond of trust.
CONTACT
Nadia Martini
Avvocato
Partner
+39 02 6328 841
Invia richiesta
Profilo
RÖDL & PARTNER ITALY
Discover more about our offices in Italy.
Read more »
DATA PROTECTION BITES
Our newsletter aims at collecting updates, news and insights on data protection matters worldwide, with a special focus on the GDPR.
Read all releases »
Turn on more accessible mode
Turn off more accessible mode
Skip Ribbon Commands
Skip to main content
Turn off Animations
Turn on Animations
Deutschland
Weltweit
Search
Menu
