Ediscom S.p.A. – €300,000 Fine (Italy, 2023)

€300,000Garante per la protezione dei dati personali23 February 2023Italy
final
ePrivacy
Fine

The Italian DPA has imposed a fine of EUR 300,000 on Ediscom S.p.a.. The marketing company had collected data from 21 million individuals via various online portals in order to use them for marketing activities. The company also used so-called 'dark patterns' to mislead users into consenting to the processing of their data for marketing purposes and to the transfer of their data to third parties. The DPA found a number of other violations, including that in some cases of data processing, the company was unable to demonstrate that it had obtained the consent of data subjects for this.

GDPR Articles Cited

Art. 5(GDPR)
Art. 6(GDPR)
Art. 7(GDPR)
Art. 13(GDPR)
Art. 14(GDPR)
Art. 24(GDPR)
Art. 25(GDPR)
Italy enforcementGarante per la protezione dei dati personali actionsAll Ediscom S.p.A. actions
Full Legal Summary

The Italian DPA has imposed a fine of EUR 300,000 on Ediscom S.p.a.. The marketing company had collected data from 21 million individuals via various online portals in order to use them for marketing activities. The company also used so-called 'dark patterns' to mislead users into consenting to the processing of their data for marketing purposes and to the transfer of their data to third parties. The DPA found a number of other violations, including that in some cases of data processing, the company was unable to demonstrate that it had obtained the consent of data subjects for this.

Violations (4)

Cookies Placed Before Consent
critical

Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.

Art. 6(1) GDPR

Cookies Persist After Rejection
critical

Tracking cookies remain active or are re-placed even after the user explicitly rejects them.

Art. 6(1) GDPR

Third-Party Cookies Without Consent
critical

Third-party tracking cookies or scripts are loaded without obtaining prior user consent.

Art. 13, 14 GDPR

Unclear Cookie Information
high

The cookie banner or cookie policy provides vague, incomplete, or unclear information about what cookies are used and why.

Art. 12, 13 GDPR

Related Enforcement Actions (0)

No other enforcement actions found for Ediscom S.p.A. in IT

This is the only recorded action for this entity in this jurisdiction.

Similar Cases

Enforcement actions with similar violations

Data Subject versus Telecommunications Company

2025 · DPA OLGKoblenz

Legal Person

2023 · Úřad pro ochranu osobních údajů

€4K

unknown (claimant)

2021 · DPA OLGWien

CNIL

2019 · Court of Justice of the European Union

Minister for Legal Protection

2022 · DPA RbOverijssel

Details

Fine Date

23 February 2023

Authority

Garante per la protezione dei dati personali

Fine Amount

€300,000

Enforcement Tracker ID

ETid-1800

GDPRhub ID

gdprhub-5831

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Ediscom S.p.A. - Italy (2023). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: