Ediscom S.p.A. – €300,000 Fine (Italy, 2023)

€300,000Garante per la protezione dei dati personali23 February 2023Italy
final
ePrivacy
Fine

Ediscom S.p.A. was fined EUR 300,000 for misleading users and collecting data without proper consent. They used confusing tactics to trick people into agreeing to share their information for marketing. This case shows how important it is for companies to be clear and honest about data collection.

What happened

Ediscom S.p.A. collected data from 21 million individuals without obtaining proper consent and used misleading tactics to gain user agreement.

Who was affected

Individuals whose data was collected by Ediscom S.p.A. without proper consent.

What the authority found

The Italian Data Protection Authority found that Ediscom violated multiple data protection rules, including failing to obtain valid consent for data processing.

Why this matters

This case highlights the need for transparency in data collection practices. Companies should ensure that their consent processes are clear and straightforward to avoid legal issues.

GDPR Articles Cited

AI-verified

Art. 13 GDPR
Art. 14 GDPR
Art. 24 GDPR
Art. 25 GDPR
Art. 5(1)(a) GDPR
Art. 6(1)(a) GDPR
Art. 7(2) GDPR
View original scraped data
Art. 5 GDPR
Art. 6 GDPR
Art. 7 GDPR
Art. 13 GDPR
Art. 14 GDPR
Art. 24 GDPR
Art. 25 GDPR

Original data from scraper before AI verification against source document.

National Law Articles

AI-identified

Art. 122 Codice Privacy
Source verified 6 March 2026
articles corrected
national law identified
verified correct
Italy enforcementGarante per la protezione dei dati personali actionsAll Ediscom S.p.A. actions
Full Legal Summary
Detailed

The Italian DPA has imposed a fine of EUR 300,000 on Ediscom S.p.a.. The marketing company had collected data from 21 million individuals via various online portals in order to use them for marketing activities. The company also used so-called 'dark patterns' to mislead users into consenting to the processing of their data for marketing purposes and to the transfer of their data to third parties. The DPA found a number of other violations, including that in some cases of data processing, the company was unable to demonstrate that it had obtained the consent of data subjects for this.

Violations (4)

Cookies Placed Before Consent
critical

Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.

Art. 6(1) GDPR

Cookies Persist After Rejection
critical

Tracking cookies remain active or are re-placed even after the user explicitly rejects them.

Art. 6(1) GDPR

Third-Party Cookies Without Consent
critical

Third-party tracking cookies or scripts are loaded without obtaining prior user consent.

Art. 13, 14 GDPR

Unclear Cookie Information
high

The cookie banner or cookie policy provides vague, incomplete, or unclear information about what cookies are used and why.

Art. 12, 13 GDPR

Related Enforcement Actions (0)

No other enforcement actions found for Ediscom S.p.A. in IT

This is the only recorded action for this entity in this jurisdiction.

Similar Cases

Enforcement actions with similar violations

unknown (claimant)

2021 · DPA OLGWien

Azienda USL della Romagna

2021 · Garante per la protezione dei dati personali

€50K

Ramona Films, S.L.

2022 · Agencia Española de Protección de Datos

€8K

CNIL

2019 · Court of Justice of the European Union

Minister for Legal Protection

2022 · DPA RbOverijssel

Details

Fine Date

23 February 2023

Authority

Garante per la protezione dei dati personali

Fine Amount

€300,000

Enforcement Tracker ID

ETid-1800

GDPRhub ID

gdprhub-5831

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified
Cookie relevance: 90%

Cite as: Cookie Fines. Ediscom S.p.A. - Italy (2023). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: