Enel Energia is an Italian multinational manufacturer and distributor of electricity and gas. It was established as a public body in 1962. After that, it transformed into a Public Limited company in the year 1992.
It has developed a strong dedication toward renewable energy resources as well as implementing the new green technology. Therefore, Enel was the first energy company in the world to replace traditional electromechanical meters with smart meters, which allow to measure consumption in real-time and manage contractual relationships remotely.
Understanding Enel Energia fine case
The Italian Data Protection Authority has imposed a penalty on Enel Energia of $26.5 Million for engaging the aggressive telemarketing activities. Hence, the breach of teleselling activities of GDPR followed.
Numerous complaints were received from the user regarding receiving unwanted promotional telemarketing phone calls. It also included the robocalls on behalf of Enel. The user’s personal data was also leaked without taking their consent. The calls and the emails that the users were receiving were mostly to promote the services developed by Enel Energia. Hence, at the time of the contract, most of the users didn’t opt for receiving the marketing communication.
Additionally, at the time of investigation, it was found that the company on regular basis used to send different types of marketing communications. They were receiving it despite refusing the marketing communication as per the contract. The Garante highlighted it carried out a complex investigation, which also covered Enel Energia’s business partners. They also played a major part.
The authority also found that the word consent embraced by Enel Energia it was not considered as a complaint of GDPR as its regarded as too common at the time it floated to the entities for communicating as well as connecting the data for the marketing purpose.
The Italian Data Protection Authority
Additionally, to protect the fundamental rights and freedom The Italian Data Protection Authority (Garante per la protezione dei dati personali) is an independent authority. Its connected with the processing of personal data, and to ensure respect for individuals’ dignity. In 1997 the DPA set up. Then the former Data Protection Act came into force.
They committed to ensure that, in all public and private sectors, data processed as required by the law. The rights of individuals respected whenever their personal data processed.
In Italy the General Data Protection Rules are established by the Codice in materia di protezione dei dati personali. The Codice has gone through the Legislative decree. The decree revoked the previous and integrated provision that were initiated. It also provides and maintains certain discipline regarding the personal data protection and safeguarding the same. It also prohibits any direct investigation on the data privacy of any company or organization.
GDPR Understanding
Processing personal details are restricted and prohibited by the GDPR stated. Enel Energia failed to comply with the consent. Therefore, they also failed to control the activities of their business partners through appropriate technical and organizational measures.
One of the vital roles that GDPR plays is in consumer rights. The customers practiced their right to access or the right to object at that time the company did not act appropriately. Providing necessary and timely feedback failed the company. Therefore, the investigation concluded this could generate confusion and does not reflect the essential principle of transparency.
The aftermath of the case
The Enel Energia disagreed with the statement made by the Italian Data Protection Authority. The unauthorized operator called the users on behalf of the company. They used to grab the customer’s attention. It offered different types of contracts that competed with the third parties during the call. The calls were spotted to Enel’s partners. For the action of the partners, the company isn’t responsible. However, the authorities dismissed the arguments because there were numerous cases where the call led to contracts that showed the signature of Enel. Moreover, it was the basic duty of Enel to detect and monitor the activities carried out on behalf of Enel.
