Confalonieri S.r.l. – Violation Found (Italy, 2025)
Confalonieri S.r.l. faced scrutiny for its cookie consent practices on its website. The data protection authority found that the company's cookie banner was misleading and did not allow users to refuse cookies effectively. This ruling stresses the importance of clear cookie consent mechanisms for website operators.
What happened
Confalonieri S.r.l. was found to have a misleading cookie banner that did not allow users to easily refuse cookies.
Who was affected
Visitors to Confalonieri S.r.l.'s website were affected by the unclear cookie consent practices.
What the authority found
The authority ruled that Confalonieri's cookie banner violated GDPR by not providing clear options for users to accept or reject cookies.
Why this matters
This ruling serves as a warning to website operators about the importance of transparent cookie consent practices. Companies must ensure their cookie banners are clear and user-friendly.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
In 2023 the DPA started several ex officio investigations on the use of cookies and other trackers on the websites of a number of businesses. One of these businesses was car retailer Confalonieri S.r.l. (the data controller). The DPA found that the controller’s website displayed a cookie banner with three buttons: “Accept all”, “Learn more”, and an “X” button that closed the banner. The website included links to a cookie policy, a privacy notice, and a page with cookie settings. The investigation highlighted the following issues: * If visitors clicked the “X” button, the cookie banner was displayed again upon subsequent visits to the website; * The website did not store unnecessary cookies when visitors clicked the “X” button. However, the cookie banner did not inform users that they could refuse cookies this way; * The cookie policy did not list the recipients of personal data; * The cookie policy and the privacy notice both contained outdated legal references. The controller changed its website during the investigation. After the update, the website displayed a small footer that succinctly informed visitors that they “declare that they read the privacy policy (…) and consent to the processing of their personal data for the required service”. The only available buttons were “Accept” and “Privacy notice”. The cookie policy was no longer available on the website and the privacy notice contained no mention of cookies and other trackers. The DPA found the following violations: * The controller violated Articles 12 and 13 GDPR by providing insufficient information about the processing of personal data; * The controller nudged visitors towards giving (invalid) consent by repeatedly displaying the cookie banner after they clicked the “X” button. This practice violated Articles 4(11), 5, and 7 GDPR as well as Art. 122 d. lgs. 196/2003This provision is the implementation of Article 5(3) ePrivacy Directive in Italian law.: * The controller violated Articles 24 and 25 GDPR
Outcome
Violation Found
The DPA found a violation but did not impose a fine.
Violations (4)
Cookie banner does not provide a clear reject/refuse all button at the same level as the accept button.
Art. 7 GDPR
The cookie banner or cookie policy provides vague, incomplete, or unclear information about what cookies are used and why.
Art. 12, 13 GDPR
The cookie banner uses misleading language to trick or pressure users into accepting cookies (dark patterns).
Art. 7 GDPR
No accessible mechanism exists for users to withdraw previously given cookie consent.
Art. 7(3) GDPR
Related Enforcement Actions (0)
No other enforcement actions found for Confalonieri S.r.l. in IT
This is the only recorded action for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
About this data
Cite as: Cookie Fines. Confalonieri S.r.l. - Italy (2025). Retrieved from cookiefines.eu
Last updated: