Axpo Italia Spa – €10,000,000 Fine (Italy, 2023)

€10,000,000Garante per la protezione dei dati personali28 September 2023Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Axpo Italia Spa was fined €10 million for activating utility contracts without customers' knowledge. This matters because it shows how companies must handle personal data responsibly and ensure contracts are only made with consent. Businesses need to verify the accuracy of customer information to avoid similar issues.

What happened

Axpo Italia Spa activated electricity and gas contracts in customers' names without their knowledge.

Who was affected

Customers whose names were used for unauthorized contracts were affected.

What the authority found

The Italian DPA found that the company failed to ensure accurate data was used when activating contracts, violating GDPR's requirements for lawful data processing.

Why this matters

This case sets a precedent that companies must ensure they have valid consent and accurate data before activating contracts. It underscores the importance of data accuracy and customer consent in business operations.

GDPR Articles Cited

AI-verified

Art. 5(1)(a) GDPR
Art. 5(2) GDPR
Art. 24(2) GDPR
View original scraped data
Art. 5(1)(a) GDPR
d) GDPR
Art. 5(2) GDPR
Art. 24(2) GDPR

Original data from scraper before AI verification against source document.

Source verified 4 March 2026
verified correct
Italy enforcementGarante per la protezione dei dati personali actionsAll Axpo Italia Spa actions
Full Legal Summary
Detailed

The Italian DPA has imposed a fine of EUR 10 million on electricity and gas supplier Axpo Italia Spa. The DPA had received numerous complaints from data subjects who complained that, without their knowledge, electricity and gas contracts had been activated in their own names, of which they had only learned after receiving termination letters from the previous supplier or reminders to pay outstanding bills. They also discovered that their personal data provided in the contract (e.g., email address, phone number and utility number) was incorrect or outdated. During its investigation, the DPA found that the controller had been acquiring new electricity and gas supply contracts through a network of approximately 280 vendors without ensuring that the data entered into the database by the vendors actually corresponded to utility users. This resulted in unsolicited contracts that often contained inaccurate and outdated personal data.

Related Enforcement Actions (0)

No other enforcement actions found for Axpo Italia Spa in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

28 September 2023

Authority

Garante per la protezione dei dati personali

Fine Amount

€10,000,000

Enforcement Tracker ID

ETid-2077

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Axpo Italia Spa - Italy (2023). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: