Vodafone Italia S.p.A. – €12,251,601 Fine (Italy, 2020)

€12,251,601Garante per la protezione dei dati personali12 November 2020Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Vodafone Italy was fined over 12 million euros for using customer data without consent for telemarketing. The company also used fake numbers for calls and mishandled contact lists. This case highlights the importance of obtaining consent and following data protection laws.

What happened

Vodafone Italy used customer data for telemarketing without proper consent and used fake numbers for calls.

Who was affected

Millions of Vodafone customers whose data was used for telemarketing without consent.

What the authority found

The Italian data protection authority ruled that Vodafone violated GDPR by processing data unlawfully and failing to secure it.

Why this matters

This ruling reinforces the necessity for companies to respect privacy laws and secure customer data. It warns businesses about the risks of non-compliance with data protection regulations.

GDPR Articles Cited

AI-verified

Art. 7 GDPR
Art. 16 GDPR
Art. 21 GDPR
Art. 24 GDPR
Art. 32 GDPR
Art. 33 GDPR
Art. 5(1) GDPR
Art. 6(1) GDPR
Art. 15(1) GDPR
Art. 25(1) GDPR
View original scraped data
Art. 5(1) GDPR
(2) GDPR
Art. 6(1) GDPR
Art. 7 GDPR
Art. 15(1) GDPR
Art. 16 GDPR
Art. 21 GDPR
Art. 24 GDPR
Art. 25(1) GDPR
Art. 32 GDPR
Art. 33 GDPR

Original data from scraper before AI verification against source document.

Source verified 4 March 2026
national law identified
Italy enforcementGarante per la protezione dei dati personali actionsAll Vodafone Italia S.p.A. actions
Full Legal Summary
Detailed

The company was fined EUR 12,251,601 for unlawfully processing personal data of millions of customers for telemarketing purposes. The proceedings were preceded by hundreds of complaints from data subjects about unsolicited telephone calls, which led to an investigation by the data protection authority. This investigation revealed several violations of the data protection law, including the violation of consent requirements and the violation of general data protection obligations such as accountability. One of the main criticisms made by the Data Protection Agency was the use of fake numbers to make promotional calls by the contracted call centers (i.e. phone numbers not registered with the National Consolidated Registry of Communication Operators). Furthermore, further violations could be found in the handling of contact lists purchased from external providers. Finally, security measures for the management of customer data were also considered inadequate.

Related Enforcement Actions (1)

Other enforcement actions involving Vodafone Italia S.p.A. in IT

Current
Nov 2020

Fine

€12.3M

Fine
Nov 2022· Garante per la protezione dei dati personali

The Italian DPA has imposed a fine of EUR 500,000 on Vodafone Italia S.p.A.. A customer had filed a complaint with the DPA against Vodafone. The 80-ye...

€500K

Details

Fine Date

12 November 2020

Authority

Garante per la protezione dei dati personali

Fine Amount

€12,251,601

Enforcement Tracker ID

ETid-438

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Vodafone Italia S.p.A. - Italy (2020). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: