Vodafone Italia S.p.A. – €500,000 Fine (Italy, 2022)

€500,000Garante per la protezione dei dati personali10 November 2022Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Italy fined Vodafone EUR 500,000 for signing up an elderly customer to a contract without proper consent. The call center read the terms too quickly, making them hard to understand. This case shows the importance of clear communication and consent in customer interactions.

What happened

Vodafone's call center signed a customer to a new contract without their clear consent.

Who was affected

An 80-year-old Vodafone customer who was contacted by an external call center.

What the authority found

The Italian authority found Vodafone violated GDPR by not obtaining clear consent and providing insufficient information about data processing.

Why this matters

This ruling highlights the need for businesses to ensure clear and understandable communication when obtaining consent. It serves as a warning to companies to review their consent processes, especially when using third-party call centers.

GDPR Articles Cited

AI-verified

Art. 6(GDPR)
Art. 7(GDPR)
Art. 13(GDPR)
Art. 5(1)(a) GDPR
Art. 12(1) GDPR
Art. 130(1) GDPR
View original scraped data
Art. 5(1)(a) GDPR
Art. 6 GDPR
Art. 7 GDPR
Art. 12(1) GDPR
Art. 13 GDPR
Art. 130(1) GDPR
(2)
(3) Codice della privacy

Original data from scraper before AI verification against source document.

Source verified 6 March 2026
articles corrected
national law identified
Italy enforcementGarante per la protezione dei dati personali actionsAll Vodafone Italia S.p.A. actions
Full Legal Summary
Detailed

The Italian DPA has imposed a fine of EUR 500,000 on Vodafone Italia S.p.A.. A customer had filed a complaint with the DPA against Vodafone. The 80-year-old customer had been contacted by an external call center commissioned by Vodafone. During the conversation, the call center concluded a new contract with the customer without their consent. During its investigation, the DPA also found that the customer had not received sufficient information about the processing of her personal data. In addition, the call center had read out the information too quickly, making the content incomprehensible. In calculating the fine, the DPA took into account, as an aggravating factor, that Vodafone had already committed similar violations in the past. However, the fact that Vodafone immediately terminated the contract in question was taken into account as a mitigating factor.

Related Enforcement Actions (1)

Other enforcement actions involving Vodafone Italia S.p.A. in IT

Fine
Nov 2020· Garante per la protezione dei dati personali

The company was fined EUR 12,251,601 for unlawfully processing personal data of millions of customers for telemarketing purposes. The proceedings were...

€12.3M
Current
Nov 2022

Fine

€500K

Details

Fine Date

10 November 2022

Authority

Garante per la protezione dei dati personali

Fine Amount

€500,000

Enforcement Tracker ID

ETid-1505

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Vodafone Italia S.p.A. - Italy (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: