Benetton Group S.r.l. – €240,000 Fine (Italy, 2023)

€240,000Garante per la protezione dei dati personali27 April 2023Italy
final
Fine

Benetton Group S.r.l. was fined EUR 240,000 for not properly protecting customer data and for placing cookies on users' devices without consent. This case is important because it highlights the need for companies to implement strong data protection measures and to be transparent about their cookie practices.

What happened

Benetton Group S.r.l. stored customer data indefinitely and failed to provide clear cookie information or obtain consent.

Who was affected

Customers whose data was stored and tracked without proper consent.

What the authority found

The Italian DPA ruled that Benetton Group S.r.l. violated GDPR by not implementing appropriate security measures and failing to obtain consent for cookies.

Why this matters

This ruling underscores the necessity for businesses to have clear cookie policies and robust data protection practices. Companies must ensure they are compliant with privacy regulations to avoid significant fines.

GDPR Articles Cited

AI-verified

Art. 5(1)(c) GDPR
Art. 5(1)(e) GDPR
Art. 32(1)(b) GDPR
View original scraped data
Art. 5(1)(c) GDPR
Art. 5(1)(e) GDPR
Art. 32(1)(b) GDPR

Original data from scraper before AI verification against source document.

Source verified 10 March 2026
national law identified
Italy enforcementGarante per la protezione dei dati personali actionsAll Benetton Group S.r.l. actions
Full Legal Summary
Detailed

The Italian DPA has imposed a fine of EUR 240,000 on Benetton Group S.r.l.. The controller had stored a large amount of customer data indefinitely. The DPA also found that the administrative database of employees of stores from 7 countries were accessible with a single password. The DPA considered this to be a breach of the obligation to implement appropriate technical and organizational measures to protect personal data. In assessing the fine, the DPA considered the fact that a very large number of people were affected by the data protection violations as an aggravating factor.

Violations (5)

Cookies Placed Before Consent
critical

Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.

Art. 6(1) GDPR

Cookies Persist After Rejection
critical

Tracking cookies remain active or are re-placed even after the user explicitly rejects them.

Art. 6(1) GDPR

Third-Party Cookies Without Consent
critical

Third-party tracking cookies or scripts are loaded without obtaining prior user consent.

Art. 13, 14 GDPR

Unclear Cookie Information
high

The cookie banner or cookie policy provides vague, incomplete, or unclear information about what cookies are used and why.

Art. 12, 13 GDPR

No Granular Cookie Choice
high

Users cannot select or deselect individual cookie categories; consent is presented as all-or-nothing.

Art. 4(11) GDPR

Related Enforcement Actions (0)

No other enforcement actions found for Benetton Group S.r.l. in IT

This is the only recorded action for this entity in this jurisdiction.

Similar Cases

Enforcement actions with similar violations

Minister for Legal Protection

2022 · DPA RbOverijssel

unknown (claimant)

2021 · DPA OLGLinz

Details

Fine Date

27 April 2023

Authority

Garante per la protezione dei dati personali

Fine Amount

€240,000

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified
Cookie relevance: 80%

Cite as: Cookie Fines. Benetton Group S.r.l. - Italy (2023). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: