Sky Italia S.r.l. – €3,296,326 Fine (Italy, 2021)

The Italian DPA (Garante) has fined Sky Italia S.r.l. EUR 3,296,326 for illegal telemarketing. The DPA's decision followed a complex investigation launched after dozens of reports and complaints from people who claimed that they received unsolicited promotional calls and promotional SMS both from Sky Italia directly and through call centers of other companies. In this regard, the DPA found that the promotional calls were made without adequately informing the users (such as about the origin of the personal data transmitted to Sky Italia). Thus, data subjects would have had the opportunity to contact the company that collected the data and object to the processing. Only after obtaining consent, Sky would then have been allowed to proceed with the commercial offers. Sky used lists of data it had acquired from other companies for these promotional purposes. Contrary to Sky Italia's view, the consent to the disclosure of data to third parties given by the data subjects to the companies from which Sky Italia had acquired the lists did not authorize Sky Italia to use the data for its own promotional purposes. In addition, Sky failed to verify the list of individuals who had objected to being contacted for advertising purposes before making the advertising calls. As a result, several data subjects had received advertising calls despite their explicit objection. Further, the DPA found that Sky had failed to properly appoint the suppliers of the lists as data processors. In determining the amount of the fine, the DPA took into aggravating consideration that the violations involved 'systemic' conduct that was rooted in the company's operations as well as the fact that Sky should have acquired sufficient experience and competence to make fundamental decisions in compliance with data protection regulations due to its ongoing contacts with the authority and its long-standing presence in the market.