Areti spa – €1,000,000 Fine (Italy, 2022)

€1,000,000Garante per la protezione dei dati personali24 November 2022Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Italy's data protection authority fined Areti spa EUR 1 million for failing to update customer data, which wrongly labeled some as defaulters. This error prevented about 47,000 customers from switching electricity suppliers. The case underscores the need for companies to maintain accurate data and respond to customer rights requests promptly.

What happened

Areti spa was fined for not updating customer data, leading to incorrect default status and blocking supplier changes.

Who was affected

Around 47,000 electricity customers who were wrongly classified as defaulters and faced issues switching suppliers.

What the authority found

The Italian DPA found that Areti failed to keep customer data accurate and respond to data rights requests, violating GDPR.

Why this matters

This case highlights the importance of data accuracy and responsiveness to customer rights. Businesses should ensure their data management practices comply with GDPR to avoid similar penalties.

GDPR Articles Cited

AI-verified

Art. 12(GDPR)
Art. 15(GDPR)
Art. 24(GDPR)
Art. 5(1)(d) GDPR
Art. 5(2) GDPR
View original scraped data
Art. 5(1)(d) GDPR
e) GDPR
Art. 5(2) GDPR
Art. 12 GDPR
Art. 15 GDPR
Art. 24 GDPR

Original data from scraper before AI verification against source document.

Source verified 5 March 2026
national law identified
Italy enforcementGarante per la protezione dei dati personali actionsAll Areti spa actions
Full Legal Summary
Detailed

The Italian DPA has fined electricity supplier Areti spa EUR 1 million. A customer had filed a complaint with the DPA due to Areti classifying them as a defaulting customer, which prevented them from switching to another electricity supplier. This was due to the fact that outdated data in Areti's databases had not been updated following a mismatch in the company's internal systems. The incident affected around 47,000 customers. The DPA's investigation also found that Areti had stored the data for an inadequate length of time. In addition, Areti failed to properly respond to requests to exercise data subject rights.

Related Enforcement Actions (0)

No other enforcement actions found for Areti spa in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

24 November 2022

Authority

Garante per la protezione dei dati personali

Fine Amount

€1,000,000

Enforcement Tracker ID

ETid-1541

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Areti spa - Italy (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: