Sky Italia latest fined under GDPR over telemarketing practices

Sky Italia was ordered to pay nearly €3.3 million (U.S. $3.8 million) for allegedly misusing customer data to make unwanted promotional phone calls. The figure, ordered Sept. 16, represents approximately 2.5 percent of the maximum penalty applicable in the case (roughly €132 million, or U.S. $154 million).

The penalty is the sixth-largest announced by Garante, according to the GDPR Enforcement Tracker, with four of the five above it coming against telecommunications companies for similar violations of the privacy law.

In this most recent case, Garante said dozens of customers complained of receiving unwanted phone calls promoting Sky’s services both directly and through third-party call centers. These calls were made without consent using unverified lists acquired from other companies, Garante alleged.

“Unlike what Sky believed, in fact, the consent to communicate their data to third parties given by users to the company providing the lists did not authorize it to use the names for promotional purposes,” Garante explained in a translated press release. “In order to carry out the telemarketing activity correctly, Sky, at the beginning of the phone call, should have provided the user with its own information, also explaining the origin of the data and—only after obtaining consent—proceed with the commercial proposal.”

Garante further noted a veteran company like Sky “should have set their basic choices in compliance with the privacy legislation.”

In addition to the fine, Sky was ordered to cease further processing for promotional and commercial purposes carried out through third-party lists acquired in the absence of consent checks among other improvements. Garante noted the company’s cooperation and remediation measures already adopted as mitigating factors toward the determination of its financial penalty.

Sky Italia did not respond to a request for comment.