Edison Energia S.p.A. – €4,900,000 Fine (Italy, 2022)

€4,900,000Garante per la protezione dei dati personali15 December 2022Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Edison Energia S.p.A. was fined EUR 4.9 million for making marketing calls without consent and not providing clear ways for people to opt out. They used third-party contact lists without proper consent and failed to inform users about data processing. This case shows how crucial it is for companies to respect consumer rights and transparency.

What happened

Edison Energia made marketing calls without obtaining proper consent from individuals.

Who was affected

Individuals who received marketing calls from Edison Energia without their consent.

What the authority found

The Italian DPA found that Edison Energia violated GDPR by using contact lists without valid consent and failing to provide transparent information about data processing.

Why this matters

This ruling highlights the importance of obtaining clear consent for marketing activities and ensuring transparency in data processing. Companies should review their consent practices and provide easy ways for users to exercise their rights.

GDPR Articles Cited

AI-verified

Art. 6 GDPR
Art. 7 GDPR
Art. 5(1)(a) GDPR
Art. 5(2) GDPR
Art. 12(1) GDPR
Art. 21(2) GDPR
Art. 24(1) GDPR
Art. 25(1) GDPR
View original scraped data
Art. 5(1)(a) GDPR
Art. 5(2) GDPR
Art. 6 GDPR
Art. 7 GDPR
Art. 12(1) GDPR
(2)
(3) GDPR
Art. 21(2) GDPR
Art. 24(1) GDPR
(2) GDPR
Art. 25(1) GDPR

Original data from scraper before AI verification against source document.

Source verified 5 March 2026
articles corrected
national law identified
Italy enforcementGarante per la protezione dei dati personali actionsAll Edison Energia S.p.A. actions
Full Legal Summary
Detailed

The Italian DPA has fined Edison Energia S.p.A. EUR 4.9 million. Several person had filed complaints with the DPA regarding unlawful marketing activities of the company. During its investigation, the DPA found that the company contacted data subjects by telephone for marketing purposes without their consent. For this purpose, the company used contact lists from third parties, which in many cases, however, did not contain the free, specific, informed and documented consent of the users to the disclosure of personal data. The DPA also found that Edison Energia did not provide data subjects with a direct and easy way to exercise their right to object. In addition, Edison Energia failed to respond to data subject requests in a timely manner in several cases. In addition, the DPA found that users of the app and website simultaneously consented to the use of their data for both marketing and profiling purposes. The DPA found that such consent did not correspond to voluntary and specific consent for different purposes. Finally, the DPA found that Edison Energia failed to provide data subjects with transparent information about the processing of their personal data.

Related Enforcement Actions (0)

No other enforcement actions found for Edison Energia S.p.A. in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

15 December 2022

Authority

Garante per la protezione dei dati personali

Fine Amount

€4,900,000

Enforcement Tracker ID

ETid-1671

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Edison Energia S.p.A. - Italy (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: