an unnamed data subject – €500,000 Fine (Italy, 2022)

€500,000Garante per la protezione dei dati personali10 November 2022Italy
final
ePrivacy
Fine

Vodafone was fined for improperly obtaining consent from an elderly woman during a telemarketing call. The call center spoke too quickly and combined consent for different purposes, violating privacy rules. This case underscores the need for clear and separate consent in marketing calls.

What happened

Vodafone's call center failed to obtain valid consent from an elderly woman for processing her personal data during a telemarketing call.

Who was affected

An 85-year-old woman who received a telemarketing call from Vodafone's call center.

What the authority found

The Italian data protection authority found that Vodafone lacked a valid legal basis for processing the woman's data, as consent was not properly obtained.

Why this matters

This ruling highlights the importance of obtaining clear and distinct consent for different processing activities. Companies should ensure their telemarketing practices comply with privacy regulations.

GDPR Articles Cited

AI-verified

Art. 6(GDPR)
Art. 7(GDPR)
Art. 13(GDPR)
Art. 5(1) GDPR
Art. 5(2) GDPR
Art. 12(1) GDPR
Art. 4(11) GDPR
View original scraped data
Art. 4(11) GDPR
Art. 5(1) GDPR
Art. 5(2) GDPR
Art. 6 GDPR
Art. 7 GDPR
Art. 12(1) GDPR
Art. 13 GDPR

Original data from scraper before AI verification against source document.

Entities Involved

an unnamed data subject
Vodafone Italia
Source verified 6 March 2026
verified correct
Italy enforcementGarante per la protezione dei dati personali actionsAll an unnamed data subject actions
Full Legal Summary
Detailed

The case involves issues with telemarketing consent and contract conclusion, not related to cookies or consent banners.

Violations (1)

Cookies Placed Before Consent
critical

Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.

Art. 6(1) GDPR

Related Enforcement Actions (3)

Other enforcement actions involving an unnamed data subject in IT

Fine
Apr 2022· Garante per la protezione dei dati personali

The municipality of Monte Sant'Angelo is the controller. The data subject is an excluded candidate from a competition procedure. The municipality pub...

€3K
Complaint Upheld
May 2022· Garante per la protezione dei dati personali

The Italian DPA was notified by the data subject that revenge porn related to them was being spread on Instagram and Facebook. The data subject asked ...

Complaint Upheld
Jul 2022· Garante per la protezione dei dati personali

An Italian company, Fastweb S.p.A. (the controller), owned the website www.fastweb.it. Following the Schrems II decision, a user of the website (the d...

Current
Nov 2022

Fine

€500K

Similar Cases

Enforcement actions with similar violations

Minister for Legal Protection

2022 · DPA RbOverijssel

Data Subject versus Telecommunications Company

2025 · DPA OLGKoblenz

Legal Person

2023 · Úřad pro ochranu osobních údajů

€4K

CNIL

2019 · Court of Justice of the European Union

Details

Fine Date

10 November 2022

Authority

Garante per la protezione dei dati personali

Fine Amount

€500,000

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. an unnamed data subject - Italy (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: