Vodafone handed €12.25 million GDPR fine in Italy over aggressive telemarketing

Vodafone’s Italian business is facing a fine of over €12.25 million over aggressive telemarketing practices.

Falling under the General Data Protection Regulation (GDPR), the fine is the third-largest to be given by the Italian Data Protection Authority (Garante) in 2020, and the first violation by Vodafone in the country.

The Garante investigation came after it received ‘hundreds’ of complaints of nuisance calls from Vodafone’s sales networks. It found that Vodafone’s customer information storage system had multiple flaws and that the company had purchased contacts lists from external providers – with the information of up to 4.5 million people secured without user consent.

Overall, the violations were found to have affected the company’s entire Italian customer base.

Vodafone justified the unwanted communication as human error, but this was not deemed an appropriate excuse by the regulator, with other factors including the ‘significantly negligent nature’ and recurrence of the calls.

The regulator has ordered Vodafone to overhaul its telemarketing procedures in Italy, and has been prohibited from processing personal data acquired from third parties without first gaining user consent.

While it is Vodafone’s first GDPR violation in Italy, the company’s Spanish business has received 29 fines – though only one surpassed €100,000 – while it has been fined twice in Romania this year alone.

In further ignominy for the company, Vodafone suffered a major outage in a number of major German cities on November 23. Over 100,000 mobile phone users in Berlin, Hamburg, Munich, Cologne, Frankfurt and other cities were shut out of the network for upwards of three hours.

Vodafone acknowledged the outage, and said that “the network elements will be observed” going forward. It said that the network problem was caused by the failure of control equipment in Munich, Frankfurt and Berlin.