Non-cooperation with Data Protection Authority
The Italian Data Protection Authority (Garante) put a huge fine of €27,8 million was issued to the Italian telecom company TIM.
The Italian Data Protection Authority (Garante) revealed that TIM was fined due to numerous unlawful data processing activities related to marketing and advertising, which included unsolicited promotional calls and prize competitions in which data subjects were entered without consent.
One of the reasons for the large fine was the fact that the unlawful data processing activities involved several million individuals. One individual, for example, was called a total of 155 times in a month while TIM refused to add the affected individual on a no-call list even after several requests. The DPA determined that the company lacked control over the call centers and did not have adequate measures to add people to no-call lists.
TIM also did not provide accurate and detailed enough privacy policies and data processing policies, and as such consumers were not efficiently informed about the data collected and processed. The company’s management of data breaches was also not efficient according to Garante.
Besides the fine, Garante also imposed 20 corrective measures according to Art. 58(2) GDPR which prohibits TIM from processing marketing-related data of those individuals who have refused to receive promotional calls, individuals who asked to be blacklisted and individuals who are not clients of TIM.
The company was also forbidden from using customer data collected from the “My Tim”, “Tim Personal” and “Tim Smart Kid” apps.