Fastweb S.p.A. – €4,500,000 Fine (Italy, 2021)

€4,500,000Garante per la protezione dei dati personali25 March 2021Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Fastweb S.p.A. was fined EUR 4.5 million by Italy's data protection authority for aggressive telemarketing practices. The company used personal data without consent and failed to protect users from fraudulent activities. This case highlights the importance of obtaining proper consent and safeguarding user data in marketing campaigns.

What happened

Fastweb S.p.A. used personal data for telemarketing without valid consent and failed to secure it against fraud.

Who was affected

Millions of users whose personal data was processed for telemarketing without their consent.

What the authority found

The authority found that Fastweb lacked a valid legal basis for processing personal data and failed to protect it, violating several GDPR articles.

Why this matters

This case underscores the need for companies to ensure they have proper consent for using personal data in marketing and to protect it from misuse. It serves as a warning to businesses about the consequences of neglecting data protection rules.

GDPR Articles Cited

AI-verified

Art. 5 GDPR
Art. 6 GDPR
Art. 7 GDPR
Art. 12 GDPR
Art. 13 GDPR
Art. 21 GDPR
Art. 24 GDPR
Art. 25 GDPR
Art. 32 GDPR
Art. 33(1) GDPR
Art. 34(1) GDPR
View original scraped data
Art. 5 GDPR
Art. 6 GDPR
Art. 7 GDPR
Art. 12 GDPR
Art. 13 GDPR
Art. 21 GDPR
Art. 24 GDPR
Art. 25 GDPR
Art. 32 GDPR
Art. 33(1) GDPR
Art. 34(1) GDPR

Original data from scraper before AI verification against source document.

Source verified 5 March 2026
articles corrected
national law identified
Italy enforcementGarante per la protezione dei dati personali actionsAll Fastweb S.p.A. actions
Full Legal Summary
Detailed

The Italian DPA (Garante) has fined Fastweb S.p.A. EUR 4,500,000 for aggressive telemarketing. Following a complex preliminary investigation launched after hundreds of reports and complaints from users, the DPA finds that the controller illegally processed the personal data of millions of users for telemarketing purposes. Namely, the call centers working for Fastweb largely acted in disregard of data protection regulations. They often used telephone numbers for their calls that were not registered in the Italian register for communications operators (Registro degli Operatori di Comunicazione). Moreover, they processed contact data for promotions Fastweb had received from external partners without the data subjects having given valid consent for their data to be shared. In addition, many users reported being contacted by 'self-proclaimed Fastweb operators' who attempted to obtain contractors' identity documents via WhatsApp, likely for the purpose of spamming, phishing and other fraudulent activities. Other breaches involved procedures for the 'call me back' service that made it impossible for users to give free, specific and informed consent and to deactivate the service in an automated manner.

Related Enforcement Actions (1)

Other enforcement actions involving Fastweb S.p.A. in IT

Current
Mar 2021

Fine

€4.5M

Fine
Jun 2024· Garante per la protezione dei dati personali

The Italian DPA has imposed a fine of EUR 1 million on Fastweb S.p.A. due to unauthorized telemarketing, the unlawful storage of customer data after c...

€1.0M

Details

Fine Date

25 March 2021

Authority

Garante per la protezione dei dati personali

Fine Amount

€4,500,000

Enforcement Tracker ID

ETid-620

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Fastweb S.p.A. - Italy (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: