Benetton Group S.r.l. – €240,000 Fine (Italy, 2023)

€240,000Garante per la protezione dei dati personali27 April 2023Italy
final
Fine

Benetton Group S.r.l. was fined EUR 240,000 for failing to protect customer data and not allowing users to manage their cookie preferences. This is important because it shows that companies must take data protection seriously and provide clear options for users. It sets a standard for how businesses should handle personal information.

What happened

Benetton Group S.r.l. stored customer data indefinitely and did not provide clear cookie choices for users.

Who was affected

Customers whose data was stored and who were affected by unclear cookie information.

What the authority found

The Italian DPA ruled that Benetton Group S.r.l. violated multiple GDPR articles regarding data protection and user consent.

Why this matters

This ruling highlights the importance of transparency and user control over personal data. Companies must implement proper security measures and clear cookie policies to avoid hefty fines.

GDPR Articles Cited

AI-verified

Art. 5(1)(c) GDPR
Art. 5(1)(e) GDPR
Art. 32(1)(b) GDPR
View original scraped data
Art. 5(1)(c) GDPR
Art. 5(1)(e) GDPR
Art. 32(1)(b) GDPR

Original data from scraper before AI verification against source document.

National Law Articles

AI-identified

Art. 122 Codice Privacy
Source verified 6 March 2026
national law identified
Italy enforcementGarante per la protezione dei dati personali actionsAll Benetton Group S.r.l. actions
Full Legal Summary
Detailed

The Italian DPA has imposed a fine of EUR 240,000 on Benetton Group S.r.l.. The controller had stored a large amount of customer data indefinitely. The DPA also found that the administrative database of employees of stores from 7 countries were accessible with a single password. The DPA considered this to be a breach of the obligation to implement appropriate technical and organizational measures to protect personal data. In assessing the fine, the DPA considered the fact that a very large number of people were affected by the data protection violations as an aggravating factor.

Violations (3)

Cookies Placed Before Consent
critical

Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.

Art. 6(1) GDPR

Unclear Cookie Information
high

The cookie banner or cookie policy provides vague, incomplete, or unclear information about what cookies are used and why.

Art. 12, 13 GDPR

No Granular Cookie Choice
high

Users cannot select or deselect individual cookie categories; consent is presented as all-or-nothing.

Art. 4(11) GDPR

Related Enforcement Actions (0)

No other enforcement actions found for Benetton Group S.r.l. in IT

This is the only recorded action for this entity in this jurisdiction.

Similar Cases

Enforcement actions with similar violations

Data Subject versus Telecommunications Company

2025 · DPA OLGKoblenz

Legal Person

2023 · Úřad pro ochranu osobních údajů

€4K

Ramona Films, S.L.

2022 · Agencia Española de Protección de Datos

€8K

CNIL

2019 · Court of Justice of the European Union

Minister for Legal Protection

2022 · DPA RbOverijssel

Details

Fine Date

27 April 2023

Authority

Garante per la protezione dei dati personali

Fine Amount

€240,000

Enforcement Tracker ID

ETid-1931

GDPRhub ID

gdprhub-6141

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified
Cookie relevance: 80%

Cite as: Cookie Fines. Benetton Group S.r.l. - Italy (2023). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: