Trasporto Passeggeri Emilia-Romagna S.p.A. (TPER) – €50,000 Fine (Italy, 2024)
Trasporto Passeggeri Emilia-Romagna was fined for collecting invalid consent from customers for data processing. This matters because it emphasizes the need for companies to clearly explain how they will use personal data. Users should have the right to choose what happens with their information.
What happened
Trasporto Passeggeri Emilia-Romagna collected invalid consent for processing personal data on a subscription form.
Who was affected
Customers who signed the subscription form without understanding how their data would be used.
What the authority found
The authority found that the company did not provide clear information about data processing, violating GDPR's consent requirements.
Why this matters
This case highlights the importance of clear and specific consent forms. Businesses must ensure that users can make informed choices about their personal data.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
According to a report submitted to the Italian DPA pursuant to Article 144 of the Italian Privacy Code (‘Code’) a public transport company called Trasporto Passeggeri Emilia-Romagna S.p.A. (‘TPER’ or ‘controller’) collected invalid consent in its printed form for the subscription of seasonal tickets. The form has been in force since 1 July 2016 and is still in use. In particular, the consent in question concerned the following purposes under letters b) and c) of the form: *b) personal data collected and processed by third parties appointed by TPER, used for market research, satisfaction surveys, promotional initiatives, and information dissemination via telephone calls; * c) personal data also processed by appointed third parties for activating the SMS forwarding service, concerning information on strikes and planned changes to the service. The form included information that a failure to give consent would make it impossible for the controller to carry out the processing and, therefore, impossible for the data subject to access the services indicated. The data subjects were not able to express specific consent for each processing purpose envisaged as the form only required a signature from the users at the bottom of the form. Additionally, the printed form stated that providing this data was obligatory for the issuance of TPER's personal identification card. It further asserted that individuals declared that they received and read the information provided according to Article 13 GDPR by purchasing the card. TPER admitted that the expression used in the printed form may be unclear and misleading. The form was not intended to issue a compulsory consent in order to obtain the purchase of the seasonal ticket. In relation to this, TPER added that the printed form bears the wording ‘I consent’ or ‘I do not consent’. Customer’s wish should be expressed orally and entered in the TPER’s system by an operator. The controller also clarified that the duration of the dat
Violations (3)
The cookie banner or cookie policy provides vague, incomplete, or unclear information about what cookies are used and why.
Art. 12, 13 GDPR
The cookie banner uses misleading language to trick or pressure users into accepting cookies (dark patterns).
Art. 7 GDPR
Users cannot select or deselect individual cookie categories; consent is presented as all-or-nothing.
Art. 4(11) GDPR
Related Enforcement Actions (0)
No other enforcement actions found for Trasporto Passeggeri Emilia-Romagna S.p.A. (TPER) in IT
This is the only recorded action for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
Fine Date
22 February 2024
Authority
Garante per la protezione dei dati personali
Fine Amount
€50,000
GDPRhub ID
gdprhub-7832About this data
Cite as: Cookie Fines. Trasporto Passeggeri Emilia-Romagna S.p.A. (TPER) - Italy (2024). Retrieved from cookiefines.eu
Last updated: