The Italian Data Protection Authority (Garante) has issued three orders of injunction against two IT companies—specializing in the data bank sector—and a telecom operator obliging them to pay fines equal to 800,000 euros for violating prescriptive measures already adopted toward them in 2008.
The two companies specializing in data bank creation had created and sold data banks containing tens of millions of people’s personal data, without having both informed data subjects and acquired their consent. Such companies will have to pay, respectively, a fine of 100,000 euros and a fine of 400,000 euros.
The telecom operator, although it was aware about the unlawful origin of the data, had however bought and used them to get in touch with users for marketing purposes. For these reasons, the telecom operator will have to pay a fine of 300,000 euros.
Further orders of injunction will be soon adopted toward other companies that did not comply with the Garante’s measures, in particular those measures referring to both telemarketing and data bank use.