• Antitrust fine Tim: 4.8 million for winback offers and unsolicited services
  • Prepaid traffic, Agcom fines Tim, Vodafone and Wind Tre

Share

February 1, 2020 Sanction of over 27 million euros (27,802,946) for numerous illegal data processing related to marketing activities. It is the fine imposed by the Guarantor of privacy on Tim, for violations that have affected a few million people overall.

From January 2017 to the first months of 2019, explains the Guarantor, hundreds of reports were received by the Authority relating, in particular, to the reception of unwanted promotional calls made without consent or despite the registration of telephone users in the Public Register of oppositions, repeated despite the fact that the people contacted had expressed their willingness not to receive promotional calls to the company. Other irregularities complained of by Tim customers on the processing of data concern the offer of prize competitions and in the forms submitted to users.

CEO Gubitosi does not comment
"Today we are talking about Italiacamp", said the CEO of Tim, Luigi Gubitosi, he preferred not to respond to the reporters who, on the sidelines of the tenth anniversary of Italiacamp, asked him for a comment on the fines from the Antitrust and the Guarantor of privacy and if intends to resort to the Tar.

Among the violations that emerged, 155 calls in a month
The investigation activity of the Privacy Authority was also carried out with the contribution of the Special Unit for the Protection of Privacy and Technological Fraud of the Guardia di Finanza. "Numerous and serious violations" of the discipline regarding the protection of personal data have emerged and according to the Guarantor, Tim "has shown that he does not have sufficient knowledge of fundamental aspects" of the data processing carried out (accountability).

Among the millions of promotional calls made in six months to 'non-customers', the Authority found that "the call center companies commissioned by Tim have in many cases contacted the interested parties without their consent: a person has been called 155 times in a month. "

Lack of control over call centers
In about 200 thousand cases, 'off-list' numbers were contacted, that is, not present in Tim's lists of contactable people. Other illegal conduct such as the absence of control by the company on the work of some call centers, the incorrect management and failure to update the black lists where the people who are registered are detected, as stated in the Guarantor's note they do not want to receive advertising, the obligatory acquisition of consent for promotional purposes in order to join the 'Tim Party' program with its discounts and prizes.

Incorrect apps
In the management of some apps for customers, moreover, "incorrect and non-transparent information on data processing was provided and invalid consent acquisition methods were adopted": in some cases paper forms were used with the request for a single consent for various purposes, including marketing.

Violations of the privacy regulation
The management of data breaches, the Authority still notes, "was not efficient, just as the implementation and management by the Company of systems that process personal data (with violation of the principle of privacy by design) were inadequate ". Furthermore, "misalignments have emerged between Tim's black lists and those of the appointed call centers, as well as for the audio recordings of the contracts entered into by telephone (verbal order)".

Data kept beyond limits
The utilities of customers of other operators, held by Tim as manager of the Networks, have been kept for longer than the legal limits and included, without the consent of the interested parties, in some promotional campaigns. In addition to the sanction, the Authority imposed on Tim twenty corrective measures, including prohibitions and prescriptions. In particular, he forbade Tim from using the data for marketing purposes of those who had expressed their refusal to receive promotional calls to the call centers, those on the black list and the 'non-customers' who had not given their consent.

No data collection via app
The company will no longer be able to use customer data collected through the 'My Tim', 'Tim Personal' and 'Tim Smart Kid' apps for purposes other than the provision of services without free and specific consent. Among the prescriptions, the Guarantor has ordered Tim to verify the consistency of the black lists used and to promptly acquire those possibly formed by the call centers to transfer them to its black list. Tim will also need to review the 'Tim Party' program and allow customers access to discounts and sweepstakes by eliminating mandatory marketing consent.

The company must also check the procedure for activating all the apps, always specify, in clear and understandable language, the treatments carried out with an indication of the purposes pursued and the methods of treatment used, as well as acquire a valid consent and must also implement the technical and organizational measures relating to the management of requests to exercise the rights of the interested parties and strengthen measures aimed at ensuring the quality, accuracy and timely updating of personal data processed by the various systems of the company.

Penalty to be paid within 30 days
The required measures and implementations - concludes the Guarantor - must be introduced and communicated to the Authority within set times, while the payment of the sanction must be made within thirty days.