The Italian data protection authority took action against electric utility company Edison Energia for multiple alleged violations of the General Data Protection Regulation (GDPR) regarding marketing communications and data processing transparency.

Garante announced Feb. 21 it fined Edison 4.9 million euros (then-U.S. $5.2 million) back in December after receiving multiple complaints from individuals of unwanted communications on behalf of the company. The regulator notified Edison of its investigation in May, and the company disputed the claims in June.

In addition to the penalty assessed, Garante is requiring Edison to adopt suitable procedures aimed at verifying compliant processing of personal data regarding promotional activities and enhance its customer consent procedures. The company was given 45 days to notify the regulator of progress made.

The details: At the heart of the complaints Garante received was the activity of an unnamed call center carrying out communications in the interest of Edison. Some of these call recipients had not consented to be contacted.

Edison represented the activities of the call center—specifically, an employee who was subsequently terminated—were carried out against the company’s wishes, to the point it had taken legal action in response to the “fraudulent conduct.” Garante considered this explanation but determined Edison did not “appear to have taken care, as necessary, of verifying the effective compliance with the legislation of the consents acquired from the supplier,” it said in its translated press release.

Regarding transparency, the regulator said the company’s user registration on its website and app did not “constitute an appropriate legal basis” for marketing and profiling purposes because it was “neither specific nor free.” The company said this was the result of a typo.

Ultimately, Edison was found to have violated Articles 5, 6, 7, 12, 21, 24, and 25 of the GDPR. Aggravating factors in the case included the amount of customers affected and seriousness and negligent nature of the conduct, according to Garante.

The company received credit for its efforts to counter the abusive telemarketing by the third party, cooperation, and corrective measures it already adopted.

Edison did not respond to a request for comment.

Kyle Brasseur is Editor in Chief of Compliance Week. His background includes expertise in user personalization with ESPN.com.

Topics