B&T S.p.A. – €400,000 Fine (Italy, 2021)

€400,000Garante per la protezione dei dati personali25 November 2021Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Italy's data protection authority fined B&T S.p.A. EUR 400,000 for sending unsolicited SMS ads and failing to respect users' rights. The company used third-party data lists that were not properly vetted. This case stresses the need for businesses to ensure their marketing practices comply with data protection laws.

What happened

B&T S.p.A. sent unsolicited SMS advertisements using improperly sourced data lists.

Who was affected

Individuals who received unsolicited SMS advertisements from B&T S.p.A.

What the authority found

The Italian DPA found that B&T S.p.A. violated GDPR by using unlawfully obtained personal data for marketing purposes.

Why this matters

This decision underscores the responsibility of companies to verify the legality of data sources used in marketing campaigns. Businesses must ensure their partners comply with data protection laws to avoid hefty fines.

GDPR Articles Cited

AI-verified

Art. 12 GDPR
Art. 13 GDPR
Art. 14 GDPR
Art. 21 GDPR
Art. 5(1)(a) GDPR
Art. 6(1)(a) GDPR
View original scraped data
Art. 5(1)(a) GDPR
Art. 6(1)(a) GDPR
Art. 12 GDPR
Art. 13 GDPR
Art. 14 GDPR
Art. 21 GDPR

Original data from scraper before AI verification against source document.

National Law Articles

AI-identified

Art. 122 Codice Privacy
Source verified 6 March 2026
national law identified
Italy enforcementGarante per la protezione dei dati personali actionsAll B&T S.p.A. actions
Full Legal Summary
Detailed

The Italian DPA has imposed a fine of EUR 400,000 on B&T S.p.A. Two data subjects had complained to the DPA about unsolicited SMS advertising. In addition, they stated that it was not possible for them to make use of their right to information and right to object. During the course of the investigation, Garante discovered that B&T had contracted a marketing company to send promotional SMS messages to potential customers. The marketing company had then engaged other providers, which in turn had acquired their databases from third parties. As it turned out, the other providers had obtained the data of the contacted persons from unchecked and illegal lists of foreign companies, some of whose information came from registrations on information portals or online sweepstakes. In this context, the DPA pointed out that companies commissioning advertising campaigns must always make sure that the companies commissioned to do so are working correctly and that consumer data is being used lawfully.

Related Enforcement Actions (0)

No other enforcement actions found for B&T S.p.A. in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

25 November 2021

Authority

Garante per la protezione dei dati personali

Fine Amount

€400,000

Enforcement Tracker ID

ETid-1026

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. B&T S.p.A. - Italy (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: