Verizon Connect Italy S.p.A. – €30,000 Fine (Italy, 2022)
Verizon Connect Italy S.p.A. was fined for tracking a person's location without their consent. The company provided geolocation services to another business but failed to inform the employee about the tracking devices in their vehicle. This case highlights the importance of transparency and consent in using tracking technologies.
What happened
Verizon tracked an employee's location using geolocation devices without their consent.
Who was affected
The employee of Giessegi Industria Mobili, who was unaware of the tracking devices in the vehicle they used for deliveries, was affected.
What the authority found
The Italian data protection authority found that Verizon violated GDPR rules by not having a valid legal basis for processing personal data.
Why this matters
This ruling emphasizes that companies must be transparent about tracking practices and obtain proper consent. Businesses using tracking services should ensure they inform users about such technologies.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
A data subject filed a complaint against Verizon Connect Italy S.p.A., a company providing geolocation services. The data subject claimed to have found a device in the vehicle that they used to deliver goods on behalf of a second company, Giessegi Industria Mobili. The data subject was employed by Giessegi and had no direct relationship with Verizon. Verizon provided geolocation services to Giessegi, which wanted to keep track of its vehicles. The data subject was not informed by the employer about the existence of geolocation devices installed on the vehicle. Therefore, the data subject addressed Verizon, whose name is visible on the device, with an access request. This request did not receive any reply. After examining the defense notes provided by the company, the Italian DPA opened an administrative procedure in order to ascertain potential violations of Articles 5(1)(a), 6 and 28(3) GDPR. During the investigation, Verizon claimed it has no controllership on the processing at issue. In the terms of services signed by Giessegi, Verizon qualified itself as a mere processor of personal data on behalf of Giessegi, which was the true controller. This is also the reason why usually Verizon does not reply to access requests from data subjects but only facilitates access indirectly by providing all relevant data to its clients. In addition, as the agreement with Giessegi expired in 2020, Verizon deactivated its devices and has no longer access to geolocation information. However, the Italian DPA ascertained that a written agreement between Verizon and Giessegi setting up the specific obligations of the processor did not exist. This could lead to a violation of Article 28(3) GDPR. Verizon replied that the obligation to conclude a written agreement between controller and processor is not clearly stated in the GDPR. Such an obligation stems from the [https://edpb.europa.eu/system/files/2021-07/eppb_guidelines_202007_controllerprocessor_final_en.pdf EDPB guidelines 07/202
Violations (1)
Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.
Art. 6(1) GDPR
Related Enforcement Actions (0)
No other enforcement actions found for Verizon Connect Italy S.p.A. in IT
This is the only recorded action for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
Fine Date
15 December 2022
Authority
Garante per la protezione dei dati personali
Fine Amount
€30,000
GDPRhub ID
gdprhub-5717About this data
Cite as: Cookie Fines. Verizon Connect Italy S.p.A. - Italy (2022). Retrieved from cookiefines.eu
Last updated: