La Prima S.r.l. – €5,000 Fine (Italy, 2021)

The Italian DPA (Garante) has imposed a fine of EUR 5,000 on the real estate portal La Prima S.r.l.. A data subject had filed a complaint against the controller with the DPA. She complained about receiving a contact request on Linkedin by an employee of La Prima, which aimed to offer real estate services related to a specific property owned by the data subject. The controller had obtained the information regarding the data subject's ownership of the property from an openly accessible public register. At no time had the data subject consented to such a contact request. The controller had argued during the DPA's investigation that consent for others to contact her could be inferred from the fact that she had a public profile. However, the DPA noted that the exchange of information via a social network should only allow for what is specified in the relevant terms of use. The DPA clarified that the platform is intended to enable the exchange of contact information in order to make job offers. In contrast, it is not intended that users use the platform to send messages to other users in order to sell services. Moreover, it is irrelevant whether a user profile is public or not. Consequently, the DPA concluded that the controller had processed the data unlawfully.