Maggioli S.p.A. – Complaint Upheld (Italy, 2023)

Complaint Upheld
Garante per la protezione dei dati personali8 February 2023Italy
final
Complaint Upheld

The Italian Garante upheld a complaint against Maggioli S.p.A. for improper cookie practices, including no reject button and pre-ticked consent boxes. This matters because it underscores the need for clear and transparent cookie consent mechanisms. Maggioli's reliance on a service provider led to errors in cookie handling.

What happened

Maggioli S.p.A. used cookie practices that lacked transparency, such as no reject button and pre-ticked consent boxes.

Who was affected

Website visitors who were not properly informed about cookie usage on Maggioli S.p.A.'s sites.

What the authority found

The Italian DPA found Maggioli S.p.A. violated GDPR by not providing clear cookie consent options and relying on incorrect cookie categorizations by its service provider.

Why this matters

This case highlights the importance of having transparent and user-friendly cookie consent processes. Companies should ensure their service providers accurately implement cookie policies to avoid compliance issues.

GDPR Articles Cited

Art. 5 GDPR
Art. 7 GDPR
Art. 12 GDPR
Art. 13 GDPR
Art. 24 GDPR
Art. 25 GDPR
Art. 28 GDPR
Art. 4(11) GDPR
Italy enforcementGarante per la protezione dei dati personali actionsAll Maggioli S.p.A. actions
Full Legal Summary
Detailed

Maggioli's cookie banner lacked a reject button, used pre-ticked boxes, and erroneously attributed third-party tracking cookies to the controller.

Outcome

Complaint Upheld

A data subject complaint that was upheld by the DPA.

Violations (3)

No Reject Button
critical

Cookie banner does not provide a clear reject/refuse all button at the same level as the accept button.

Art. 7 GDPR

Pre-ticked Consent Boxes
high

Cookie consent checkboxes are pre-selected by default, violating the requirement for active, affirmative consent.

Art. 4(11) GDPR

Third-Party Cookies Without Consent
critical

Third-party tracking cookies or scripts are loaded without obtaining prior user consent.

Art. 13, 14 GDPR

Related Enforcement Actions (0)

No other enforcement actions found for Maggioli S.p.A. in IT

This is the only recorded action for this entity in this jurisdiction.

Similar Cases

Enforcement actions with similar violations

Legal Person

2023 · Úřad pro ochranu osobních údajů

€4K

unknown (claimant)

2021 · DPA OLGWien

Azienda USL della Romagna

2021 · Garante per la protezione dei dati personali

€50K

RAMONA FILMS, S.L.

2022 · Agencia Española de Protección de Datos

€8K

CNIL

2019 · Court of Justice of the European Union

Details

Decision Date

8 February 2023

Authority

Garante per la protezione dei dati personali

GDPRhub ID

gdprhub-7766

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified
Cookie relevance: 100%

Cite as: Cookie Fines. Maggioli S.p.A. - Italy (2023). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: