The Garante’s fight against illegal telemarketing continues. The Authority sanctioned Comparafacile and Tiscali, respectively for 40,000 and 100,000 euros. Comparafacile will also have to delete all personal data acquired unlawfully.

The first measure stems from the complaint of a citizen who, despite being registered in the Public Opposition Register (Rpo), continued to receive promotional calls even after the request to delete the data.

The Authority ascertained that Comparafacile, after having purchased personal data from a foreign company, contacted people to ask if they were interested in receiving commercial offers and, if so, sent them a text message with a link to a landing page where they could provide consent. The first telephone contact therefore took place without having checked the consent of the persons concerned (which may have been obtained from the company providing the data) and without having provided them with any information, the viewing of which was conditional on access to the landing page, and thus on the expression of interest in the services.

In the order, the Authority explained that the use of a mechanism that forces the user to declare an interest in a company’s services in order to acquire the information is not legitimate and that, consequently, uninformed consent cannot be considered a valid premise for Comparafacile’s marketing activity.

The Authority did not, however, accept the company’s justification that it was acting as a data controller and not as a holder. But it is precisely the activities carried out by Comparafacile, from the selection of the supplier from which to purchase the lists to the definition of the purpose (to promote its services), up to the choice of the contact channel, that make it the data controller. And it is to the data controller that both the fulfilments required by the legislation and the liability for the alleged violations are attributable.

The measure against Tiscali is part of the Authority’s inspection activities. The investigation revealed that the company provided incomplete information, without indicating any time limit for data retention, in particular for marketing and profiling purposes. Although Tiscali claimed to have acted in compliance with the information notice, the Authority pointed out that failure to comply properly with the obligation to provide information is also punishable, regardless of whether or not it has caused prejudice to the data subject. Moreover, the company Tiscali had carried out so-called soft spam activities, sending – within four months – text messages to over 160,000 customers who had not given their consent to receive promotional communications.

The company unlawfully interpreted in an unlawfully extensive manner the legislation that provides for the sending of advertising communications without the consent of the person concerned only by electronic mail and only under certain conditions: such as, for example, that they relate to products and/or services provided by the proprietor and not by third parties, and that those utilities are similar to those already purchased by the person concerned.

https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/9927212