Confalonieri S.r.l. – Violation Found (Italy, 2025)
Confalonieri S.r.l. faced scrutiny for its cookie consent practices on its website. The investigation revealed that the cookie banner was misleading and did not allow users to refuse cookies properly. Businesses should ensure their cookie consent mechanisms are clear and user-friendly.
What happened
Confalonieri S.r.l.'s website had a cookie banner that misled users about their ability to refuse cookies and did not provide clear information.
Who was affected
Website visitors who interacted with Confalonieri S.r.l.'s cookie banner were affected by the unclear consent options.
What the authority found
The Italian data protection authority found that the company's cookie banner violated privacy rules by being misleading and not allowing proper consent withdrawal.
Why this matters
This case highlights the importance of transparent cookie consent practices. Companies should review their cookie banners to ensure they comply with privacy regulations.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
In 2023 the DPA started several ex officio investigations on the use of cookies and other trackers on the websites of a number of businesses. One of these businesses was car retailer Confalonieri S.r.l. (the data controller). The DPA found that the controller’s website displayed a cookie banner with three buttons: “Accept all”, “Learn more”, and an “X” button that closed the banner. The website included links to a cookie policy, a privacy notice, and a page with cookie settings. The investigation highlighted the following issues: * If visitors clicked the “X” button, the cookie banner was displayed again upon subsequent visits to the website; * The website did not store unnecessary cookies when visitors clicked the “X” button. However, the cookie banner did not inform users that they could refuse cookies this way; * The cookie policy did not list the recipients of personal data; * The cookie policy and the privacy notice both contained outdated legal references. The controller changed its website during the investigation. After the update, the website displayed a small footer that succinctly informed visitors that they “declare that they read the privacy policy (…) and consent to the processing of their personal data for the required service”. The only available buttons were “Accept” and “Privacy notice”. The cookie policy was no longer available on the website and the privacy notice contained no mention of cookies and other trackers. The DPA found the following violations: * The controller violated Articles 12 and 13 GDPR by providing insufficient information about the processing of personal data; * The controller nudged visitors towards giving (invalid) consent by repeatedly displaying the cookie banner after they clicked the “X” button. This practice violated Articles 4(11), 5, and 7 GDPR as well as Art. 122 d. lgs. 196/2003This provision is the implementation of Article 5(3) ePrivacy Directive in Italian law.: * The controller violated Articles 24 and 25 GDPR
Outcome
Violation Found
The DPA found a violation but did not impose a fine.
Violations (4)
Cookie banner does not provide a clear reject/refuse all button at the same level as the accept button.
Art. 7 GDPR
The cookie banner or cookie policy provides vague, incomplete, or unclear information about what cookies are used and why.
Art. 12, 13 GDPR
The cookie banner uses misleading language to trick or pressure users into accepting cookies (dark patterns).
Art. 7 GDPR
No accessible mechanism exists for users to withdraw previously given cookie consent.
Art. 7(3) GDPR
Related Enforcement Actions (0)
No other enforcement actions found for Confalonieri S.r.l. in IT
This is the only recorded action for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
About this data
Cite as: Cookie Fines. Confalonieri S.r.l. - Italy (2025). Retrieved from cookiefines.eu
Last updated: