The Garante della Privacy started an investigation around this matter and discovered that the 2 companies in the dental health called private individuals offering them free services. Moreover, it emerged that the 2 companies in question illicitly managed the data gathered through public lists and also over 1 billion users’ data, which was bought from a provider based outside of Italy.

It is a matter of fact that the 2 companies have not been able to demonstrate to have obtained the consent from the data user for the use of those data. Consequently the Italian authority prohibited those 2 companies from using the data for marketing purposes and adviced them to immediately adopt technical and organisational measures in order to guarantees the data subject the respect of their data protection rights.

In this case, it stands out how the data subjects and consumers are getting everyday more aware of their data protection rights and also how relevant is the transparency between controllers and data users in this matter.

In addition, the infringement of Art 14 and Art 32 of the EU-GDPR lead the Italian authority to charge the 2 responsible businesses with penalties.

Further information:
http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/content/id/6633592#3

Foto: ©lassedesignen - Fotolia