Cracking down on telemarketing: the Italian DPA utilizes database seizure in fight against illegal practices

In this unprecedented action, not only were all the companies involved subject to significant fines, but for the first time the Authority deemed appropriate to resort to the instrument of seizure of the databases unlawfully used to operate the unsolicited contacts. This confiscation was carried out on June 6th by the Special Unit for Data Protection and Technological Fraud of the Guardia di Finanza in collaboration with the servicemen of the Verona Provincial Command, concurrently with the notification and publication of the punitive measure.

The Garante took as its starting point the inspection activities carried out by the Guardia di Finanza at two Verona-based companies, Mas S.r.l. and Mas S.r.l.s., which were engaged in promoting services for various entities in the electricity and gas sector. These companies shared offices and employees without adequately formalizing privacy-related relationships and used contact lists of dubious origin and lacking appropriate consent for communication to third parties and direct marketing activities, all while failing to provide prior information to the involved data subjects.

The Authority's investigation led to the involvement of two additional entities, Tuscany-based, namely Sesta Impresa S.r.l. and the mutual company Arnia. While Sesta Impresa, operating as a sub-contractor for several energy companies without adequate appointment as per Article 28 of the GDPR, essentially acted as an intermediary and business partner, the true driving force behind this illicit entrepreneurial initiative was found to be Arnia. 

This company was responsible for carrying out promotional contacts and recording contracts concluded by agents in the energy companies' computer systems, unduly using credentials provided by the latter to Sesta Impresa and thus gaining unauthorised access to their computer systems.

Faced with this 'extremely serious and alarming' scenario - a clear manifestation of the underground activities fuelling the expansion of the longstanding practice of aggressive telemarketing - the Garante chose to take action not only applying dissuasive and proportionate administrative sanctions, but also by adopting inhibitory measures aimed at preventing the reiteration of the incriminated conduct. 

While Sesta Impresa S.r.l. and Mas S.r.l. received swift fines amounting to Euro 300,000 and  Euro 500,000 respectively, the other two entities involved were not only fined - for Euro 200,000 (Mas S.r.l.) and Euro 800,000 (Arnia società cooperativa) - but were also subjected to a particularly burdensome ancillary measure. Following a prognostic assessment of the significant danger posed by future processing activities, the Authority applied the measure of confiscating the electronic and paper supports containing the contact lists in the possession of Mas S.r.l.s. and the Arnia cooperative company, with the aim of depriving these two enterprises of the tools used to carry out unlawful processing activities.

The exceptional recourse to the instrument of database seizure represents a significant signal of the Authority's commitment to fight illegal telemarketing and safeguard citizens' personal data. Furthermore, it serves as a clear warning to all the players in the sector about the potential consequences of engaging in telemarketing activities in breach of applicable data protection regulations.

In addition to holding the involved companies accountable, the Garante also took the opportunity to emphasise once again the need for greater control by contracting entities, an indispensable safeguard for ensuring legality and protection of consumers’ rights. 

Only through an approach aimed at respecting the safeguards offered by the legal system and individuals' privacy will it be possible to strike a balance between companies' interests in promoting their services and consumers' right. This approach will help avoiding sanctions and repressive measures such as those adopted by the Garante