Illumia Spa – €678,897 Fine (Italy, 2024)

€678,897Garante per la protezione dei dati personali13 November 2024Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Illumia Spa was fined for making marketing calls without asking for permission first. This is important because it shows that companies must follow privacy rules to avoid unwanted contact with users. Ignoring these rules can lead to significant fines.

What happened

Illumia Spa was fined for unlawfully processing personal data for telemarketing purposes.

Who was affected

Individuals who received unsolicited advertising calls from Illumia Spa were affected.

What the authority found

The authority determined that Illumia Spa failed to implement necessary controls for lawful telemarketing.

Why this matters

This ruling emphasizes the need for businesses to have clear consent processes in place. Companies should review their marketing practices to ensure compliance with privacy laws.

GDPR Articles Cited

AI-verified

Art. 6(GDPR)
Art. 7(GDPR)
Art. 24(GDPR)
Art. 25(GDPR)
Art. 28(GDPR)
Art. 32(GDPR)
Art. 5(2) GDPR
View original scraped data
Art. 5(2) GDPR
Art. 6 GDPR
Art. 7 GDPR
Art. 24 GDPR
Art. 25 GDPR
Art. 28 GDPR
Art. 32 GDPR

Original data from scraper before AI verification against source document.

Source verified 5 March 2026
amount discrepancy
date discrepancy
Italy enforcementGarante per la protezione dei dati personali actionsAll Illumia Spa actions
Full Legal Summary
Detailed

The Italian DPA has imposed a fine of EUR 678,897 on the energy company Illumia Spa for unlawfully processing personal data for marketing purposes. The fine follows complaints from users who received unwanted advertising calls from call centers working on behalf of Illumia. The DPA found that the company had not carried out sufficient controls along the entire telemarketing supply chain. Among other things, advertising calls were made without a legal basis, and necessary technical and organizational measures were only implemented after a delay.

Violations (1)

Cookies Placed Before Consent
critical

Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.

Art. 6(1) GDPR

Related Enforcement Actions (0)

No other enforcement actions found for Illumia Spa in IT

This is the only recorded action for this entity in this jurisdiction.

Similar Cases

Enforcement actions with similar violations

Minister for Legal Protection

2022 · DPA RbOverijssel

Data Subject versus Telecommunications Company

2025 · DPA OLGKoblenz

Legal Person

2023 · Úřad pro ochranu osobních údajů

€4K

CNIL

2019 · Court of Justice of the European Union

Details

Fine Date

13 November 2024

Authority

Garante per la protezione dei dati personali

Fine Amount

€678,897

Enforcement Tracker ID

ETid-2516

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Illumia Spa - Italy (2024). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: