The Italian telecom operator TIM has been fined €27 800 000 by the Italian DPA for breaches of the GDPR.
Numerous and serious violations of the GDPR have emerged from the complex preliminary investigation, that was carried out with the contribution of the Special Protection and Privacy Fraud Unit of the Guardia di Finanza.
Tim has shown that they do not have sufficient knowledge of the fundamental aspects of personal data processing.
Tim had ordered millions
of promotional calls, made in six months to “non customers”, the call
center companies commissioned by Tim have, in many cases, contacted the
interested parties without their consent. One person was called 155 times
in a month.
In about two hundred thousand cases, “off-list” numbers were contacted,
that is, not at all present in Tim’s lists of contactable people. Other
illegal behaviors were then detected, such as the absence of control by the
company on the work of some call centers; incorrect management and failure
to update the black lists where people who do not want to receive advertising
are registered; the compulsory acquisition of consent for promotional
purposes in order to join the “Tim Party” program with its discounts
and prizes.
Furthermore, in the management of some apps intended for customers, incorrect and non-transparent information on the processing of data was provided and invalid consent acquisition methods were adopted, paper forms were used with a request for a single consent for various purposes, including marketing.
It is surprising to see such ignorance from a company that are largely dependent on the processing of personal data, especially since it is almost two years after the GDPR entered into effect.
It will be interesting to follow the internal proceedings of TIM, since top management should have corrected these issues a long time ago.
https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/9256409