Dream Land S.r.l. – Violation Found (Italy, 2025)

Jaguar Land Rover Italia S.p.A. (JLRI), the Italian subsidiary of the Jaguar Land Rover group, and Dream Land S.r.l. (Dream Land), an authorized automotive dealer, jointly operated a website used for promotional and commercial purposes. The website was owned by Jaguar Land Rover Limited and made available to Dream Land, whose technical infrastructure was managed by an external supplier provided by JLRI. On 14 February 2024, the Italian DPA's delegated inspection unit accessed the website and found two problems. First, when a user clicked the link to the cookie policy within the consent banner, the banner remained visible and overlapped the policy text, preventing users from reading it in full before deciding whether to accept, reject, or configure cookies. Second, the cookie policy contained contradictory information about the identity of the data controller: it referred at one point to a geographic location rather than a legal entity, listed multiple entities as independent controllers while indicating only one was responsible for handling data subject requests, and referenced a VAT number that did not exist. In March 2024, Dream Land signed a data privacy addendum to the dealership agreement, which described the parties as independent controllers. When the DPA initiated proceedings against JLRI in June 2024, JLRI argued that the website belonged to Dream Land and that it bore no responsibility for the banner configuration. Dream Land, notified in August 2024, argued the banner issue was the result of a technical malfunction and that it operated as an independent controller. First, the DPA held that both JLRI and Dream Land were joint controllers under Article 26 GDPR. Despite the dealership agreement formally describing them as independent controllers, the DPA assessed their roles on a factual basis: both parties had jointly chosen to use the website to pursue shared commercial interests and had thus jointly determined the purposes and means of the processing un