The Italian Data Protection Authority imposes Fastweb a €4.500.000 fine for infringing several #GDPR provisions
– the company has not implemented control systems of the chain of collection of #personaldata to make sure that service activations had not been made from unwanted promotional calls merged into FW database (art. 5(1) and (2), art 6(1), 7, 24 and 25(1)
– FW acquired lists of PD from third parties in the absence of the required consent (it involved at least 7,542,000 data subjects in 2019) arts. 5-7
– for the activation, release of the information and revocation of the «Call me back» service ( 5, 6, 7, 12, 13 and 21). The information wasn’t clear and the method was incredibly invasive: users could be called 4 times per hour (every 15m) up to 20 attempts in a day ”before“ the contact was reached. Users denounced ‘telephone persecution»
– failing to implement adequate security systems (art. 24 and 32) and to notify data breaches (art. 33-34)
– failure to correct inaccurate data: art. 5(1)(d)
– processing of personal data for promotional purposes without consent and pending the adequacy of the LI: art 5-7
Press release and fine
0 comentarios