Click to open contact form.
Your Global Partners in the Business of Innovation

Italy: Vodafone Fined over €12 million for GDPR Violations

Publications / Nov 30, 2020

Join us on our privacy and data protection webinar (held in Hebrew) on December 7th at 11:00 am Israel time, for an in-depth discussion of important developments in Israel and around the world. Participation is free of charge but is subject to prior registration. Click HERE for more information and to register.

Article written by Haim Ravia, Dotan Hammer and Adi Shoval

The Italian Data Protection Authority imposed a fine of €12,250,000 on the telecommunication giant Vodafone for unlawfully processing the personal data of millions of users for telemarketing purposes.

The Italian authority initiated an investigation against Vodafone amid hundreds of complaints submitted by users alleging that the company has made unsolicited phone calls to promote its telephone and Internet services.

The investigation revealed that Vodafone violated the consent requirements as well as other GDPR key principles such as accountability and data protection by design.  Specifically, Vodafone was found to have used fake telephone numbers or numbers that were not registered with the National Consolidated Registry of Communication Operators, to place these marketing calls. Vodafone has also used contact lists purchased from third parties without ensuring the data subjects had given their free, informed, and specific consent. The authority also found that Vodafone’s security measures were inadequate. Customers were sometimes contacted by operators purporting to be acting on Vodafone’s behalf and requesting IDs to be sent to them via WhatsApp.

In addition to the fine imposed on the company, Vodafone was also required to implement several measures set out by the Italian authority to comply with national and EU data protection legislation.

CLICK HERE to read the Italian Data Protection Authority’s press release regarding Vodafone.