You may be trying to access this site from a secured browser on the server. Please enable scripts and reload this page.
Home
Internal
Global
Contatto
it
Rödl & Partner ha prestato la propria consulenza per il perfezionamento dell'acquisizione del Gruppo italiano FGV da parte di Hettich |
In tutto il mondo
It looks like your browser does not have JavaScript enabled. Please turn on JavaScript and try again.
✕
Mondiale
Algeria
Angola
Arabia Saudita
Argentina
Australia
Austria
Azerbaigian
Bahrain
Belgio
Bielorussia
Bosnia ed Erzegovina
Botswana
Brasile
Bulgaria
Cambogia
Canada
Cile
Cina
Cipro
Colombia
Corea del Sud
Costa Rica
Croazia
Danimarca
Ecuador
Egitto
Emirati Arabi Uniti
Estonia
Etiopia
Finlandia
Flippine
Francia
Georgia
Germania
Ghana
Giappone
Grecia
Hong Kong
India
Indonesia
Irlanda
Italia
Kazakistan
Kenya
Kuwait
Lettonia
Libia
Liechtenstein
Lituania
Lussemburgo
Macedonia del Nord
Malesia
Marocco
Mauritius
Messico
Moldavia
Mongolia
Mozambico
Myanmar
Namibia
Nigeria
Norvegia
Nuova Zelanda
Oman
Paesi Bassi
Pakistan
Perù
Polonia
Portogallo
Qatar
Regno Unito
Repubblica Ceca
Romania
Serbia
Singapore
Slovacchia
Slovenia
Spagna
Sudafrica
Svezia
Svizzera
Taiwan
Tanzania
Thailandia
Tunisia
Turchia
Ucraina
Uganda
Ungheria
Uruguay
USA
Uzbekistan
Vietnam
Zambia
I nostri uffici Rödl & Partner
German Professional Services Alliance -
GPSA
�������������������������������������������������������������
(I colori appaiono al passaggio del mouse)
Utilizziamo cookie tecnici per personalizzare il sito web e offrire all’utente un servizio di maggior valore. Chiudendo il banner e continuando con la navigazione verranno installati nel Suo dispositivo i cookie tecnici necessari ai fini della navigazione nel Sito. L’installazione dei cookie tecnici non richiede alcun consenso da parte Sua. Ulteriori informazioni sono contenute nella nostra
Cookie Policy
.
Approfondimenti
Servizi
Whistleblowing
Data Protection
Servizi legali
Servizi fiscali
Servizi multipractice
Industry
Revisione contabile
Formazione
Professionisti
Media
Rödl E-Book
RÖDL REPLAY - I NOSTRI WEBINAR
Newsletter
Legal Newsletter
Tax Newsletter
Data Protection Bites
Comunicati stampa
Comunicati operazioni
Rödl E-Book
Rödl & Partner sulla stampa online
Eventi
Su di noi
Currently selected
E-Book INTERNATIONAL VAT GUIDELINES
Uno studio internazionale
Uno studio internazionale
Le nostre sedi
Impegno sociale
Whistleblowing
Codice Etico
Modello 231
Sostenibilità
Carriera
Media
Pubblicazioni
Newsletter
Data Protection Bites
Data Protection Bites 7/2020
What does the sanction to Vodafone by the Italian Data Protection Authority tell us?
Recent
Italian (Italy)
Currently selected
Consulenza legale, Consulenza fiscale, Audit, Servizi in outsourcing
Approfondimenti
Carriera
Cookie Policy
Cookie Policy
Eventi
Home
Informativa Privacy
Media
Privacy Policy
Professionisti
Servizi
Uno studio internazionale
BPO - Business Process Outsourcing
no-it-version-available
Profile
Error 404!
Error 401!
What does the sanction to Vodafone by the Italian Data Protection Authority tell us?
Page Content
published on 18 December 2020 | reading time approx. 3 minutes
On last 12 November, the Italian Data Protection Authority imposed a measure on Vodafone Italia S.p.A in the amount of more than 12.250.000. The measure is the result of an investigation initiated by the Authority following hundreds of complaints from users relating continuous unwanted promotional telephone contacts by Vodafone and its sales network. Based on this decision, companies shall keep in mind a few staple compliance measures.
The Italian Data Protection Authority has ordered Vodafone to pay a fine of over 12 million and 250 thousand euros for having illegally processed the personal data of millions of users for telemarketing purposes. In addition to the payment of the fine, the company will have to adopt a series of measures dictated by the Authority to comply with national and European legislation on data protection.
The case shows the constant commitment of the Authority to contrast the phenomenon of illicit contacts and unwanted calls for promotional purposes within the scope of telemarketing activities. As of December 2019, in fact, the Italian Garante has ordered five sanctions against telcos and energy companies for a total of 66 million euros.
In this case, the main arguments that led the Italian Garante to sanction Vodafone allows to keep note of some of the steps companies shall adopt to prevent similar consistent measures in the future:
1. Timely and thorough reply to the exercise of fata subject’s rights, regardless of the channel used by the data subject
Vodafone was deemed responsible for failing to respond to the exercise of data subject’s rights. The counterargument by Vodafone that rights were not always directed to the proper email addresses and channel was not considered adequate. Any request to exercise rights received from interested parties through any of the company's channels shall be handled.
2. Monitoring of the adequacy of system and data base security measures to prevent data breaches
Regarding the multiple unauthorized accesses to Vodafone's data base, the Authority highlighted a security flaw in Vodafone's systems that was not promptly remedied. The company thus failed to implement adequate security measures. In addition to unauthorized access by third parties, this flaw has also led to the illicit contacting of Vodafone customers to propose alternative operators to those of Vodafone. Moreover, such accesses have not been reported as a data breach to the Authority.
3. Consent as legal basis of Marketing activities
The Italian Data Protection Authority observed in this case too many individuals who had not given their consent were contacted illicitly. The company is to be held responsible to verify the correctness of all data processed, also when the telemarketing activity is carried out by other providers, who shall be qualified as data processors.
4. Control over the external subjects authorized to conclude contracts for the Company
Vodafone admitted not to have carried out controls over the agents acting on behalf of the company that resulted not being register in the Registro degli Operatori di Comunicazione. The Garante claimed a lack of legitimacy of the operators not authorized to conclude the contracts.
In conclusion, once again Data Protection Authority proved to value the accountability in all steps of the activities of the controller. A thorough monitoring activity, carried out both internally and on the partners, appears to be the only way to contain and prevent the risk of complaints and sanctions.
CONTACTS
Nadia Martini
Avvocato
Partner
+39 02 6328 841
Invia richiesta
Profilo
RÖDL & PARTNER ITALY
Discover more about our offices in Italy.
Read more »
DATA PROTECTION BITES
Our newsletter aims at collecting updates, news and insights on data protection matters worldwide, with a special focus on the GDPR.
Read all releases »
Turn on more accessible mode
Turn off more accessible mode
Skip Ribbon Commands
Skip to main content
Turn off Animations
Turn on Animations
Deutschland
Weltweit
Search
Menu
