Privacy Guarantor Fastweb fines 4.5 million for promotional calls

• Privacy, agreement between the Guarantor and Facebook: new tools to block 'revenge porn'

• Covid, Privacy Guarantor: no to 'vaccination passes', a national law is needed

• The Privacy Guarantor orders the blocking of TikTok: "It must ascertain the personal age of the users"

• Telemarketing, the Privacy Guarantor sanctions Vodafone

Share

02 April 2021 The Privacy Authority has ordered Fastweb to pay a fine of over 4 million and 500 thousand euros "for having unlawfully treated the personal data of millions of users for telemarketing purposes".

In this way the Privacy Guarantor has sanctioned the phenomenon of unwanted promotions calls.

"This concludes - reports the Guarantor in a note - a complex investigation started following hundreds of reports and complaints from users who complained about continuous promotional telephone calls and internet services offered by Fastweb made without their consent".

The investigations carried out by the Authority "highlighted important 'system' criticalities, attributable to the complex of treatments carried out by Fastweb towards both the entire customer base of the company and the wider range of potential users in the electronic communications sector".

In the

"revealed an alarming resorted to using fictitious numbers or not registered in the Register of Communications Operators (Roc). This phenomenon, as evidenced by the Authority, appears to be due to a 'undergrowth' call - abusive centers that carry out telemarketing activities in total disregard of the provisions on the protection of personal data. Further violation profiles concerned the correct management of the contact lists, provided to Fastweb by external partners, without the latter having acquired the free, specific and informed consent of users to communicate their data ".

"The security measures of the customer management systems were also inadequate - according to the Guarantor".

The Authority had in fact received numerous reports that reported undue contacts by self-styled Fastweb operators who were trying to acquire, via Whatsapp, the identity documents of the contracting parties, probably for the purpose of spamming, phishing and for carrying out other fraudulent activities.

Other critical issues were detected by the Guarantor in the promotional activity carried out by Fastweb in partnership with another subject for having used customer lists provided by the latter without consent to the marketing activity.

Other violations concerned procedures adopted for the "Call me back" service that prevented users from giving free, specific and informed consent and from deactivating the service in an automated manner.

Taking into account the offenses found, the Guarantor applied a fine of € 4,501,868.00.

The Authority "therefore ordered Fastweb to adapt the telemarketing treatments in order to provide and prove that the activation of offers and services and the registration of contracts only take place following calls made by the sales network through registered telephone numbers. and registered with the Roc. The company will also have to strengthen the security measures to prevent unauthorized access to its databases ".

Finally, Fastweb "will no longer be able to use the data contained in the personal data lists provided by third party partners, without the latter having acquired a specific, free and informed consent from the interested parties to communicate their data to third parties". 

Fastweb following the fine announced: "Fastweb considers data protection and the protection of the privacy of its customers a priority and to this end cooperated with the Guarantor during the investigation to identify the most suitable tools to ensure that the phenomena described and relating to the period from December 2018 to February 2020 can no longer occur. As recognized by the Guarantor, the company immediately launched, starting from February 2020, a program of actions aimed at this sense, through the gradual disposal of telemarketing activities that do not have reliability requirements, the strengthening of security measures for access to company databases and the adoption of more stringent control measures on the sales network ".