Realmaps – €100,000 Fine (Italy, 2025)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Realmaps faced a hefty fine for improperly sharing personal data with real estate agencies, leading to unwanted marketing calls. The investigation revealed that Realmaps provided detailed lists of property owners without ensuring the data was collected lawfully. The fine of EUR 100,000 underscores the importance of responsible data handling.
What happened
Realmaps sold lists of property owners' personal data, including contact information, to real estate agencies without verifying the legality of the data collection.
Who was affected
Property owners whose personal information was sold to real estate agencies without their knowledge were affected.
What the authority found
The Italian data protection authority ruled that Realmaps violated multiple GDPR provisions by failing to ensure lawful data processing.
Why this matters
This case serves as a warning for companies that handle personal data to verify the legality of their data sources. Businesses should conduct thorough checks to ensure compliance with data protection laws.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
Between May 2022 and April 2024, the DPA received numerous complaints stating that multiple data subjects received calls from real estate agencies for marketing purposes. These real estate agencies, upon request, shared that they had acquired personal data from Realmaps, the controller. The DPA decided to investigate how the data processing by the controller took place. The investigation revealed that the controller provides multiple real estate’s lists of property owners, containing telephone numbers and cadastral data on their properties. Upon request of the real estate agencies, the controller buys these cadastral data, and places them on the controllers’ database, together with name, surname, contact data, social security number, email and home address. Through a specific software, these information are matched and then a list with all the information of each property owner is sent to the real estate agency that requested it so that they can use for marketing purposes. The DPA considered that both the real estate agency and Realmaps are to be considered controllers in the case at hand. The DPA found a long list of violations. Violation of Articles 5(2), 6(1)(a), 7, 24, 13, 14 GDPR The DPA held that the controller did not make any random check on the lawfulness of the data acquired, stating that lawfulness was ensured by the list provider on the basis of their contractual relationship. However, the DPA considered that the controller did not verify, nor proofread, the informed consent given by data subjects. It cannot be held that a consent initially expressed consciously with regard to certain processing operations may be used for successive transfers of personal data from one controller to another in a manner totally unforeseeable for the data subject. In compliance with the principle of accountability, the controller should have verified at least by means of a congruous sample, the lawfulness of the consent given. Moreover, the DPA held that two distinct
Related Enforcement Actions (0)
No other enforcement actions found for Realmaps in IT
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
16 January 2025
Authority
Garante per la protezione dei dati personali
Fine Amount
€100,000
GDPRhub ID
gdprhub-9051About this data
Cite as: Cookie Fines. Realmaps - Italy (2025). Retrieved from cookiefines.eu
Last updated: