TIM formerly known as Telecom Italia Mobile is one of the largest Italian telecommunications companies owned by one and only Gruppo TIM. In 1995 the company came into existence. It provides a brand of mobile, fixed telephony as well as internet services.
How did TIM got fined?
The Italian Data Protection Authority (Garante) penalized TIM an Italian Telecommunication company on 1st February with a penalty of $27.8 Million for violating the several unlawful market data processing practices.
While investigation, Garante noticed that the company processed different types of unwanted advertising phone calls without taking any consent from the higher authorities. But most of the consumers refused to receive these types of advertising calls. It didn’t activate the specific verification procedure required to follow under the Public register of opposition. The individuals were fed up with these types of promotional and advertising calls. The misuse of data of both customer and non-customer placed. The data is being abused by the name, addresses, and phone numbers of the customers and the non-customers.
The complainants who raised a complaint against TIM, they told that they use to receive 155 times promotional calls a month. This is regarded as a failure from the point of view of TIM’s behalf in terms of properly handling the opt-ins for the promotional calls that were set up by the company.
The Italian Data Protection Authority: Who are we
Additionally, to protect the fundamental rights and freedom The Italian Data Protection Authority (Garante per la Protezione dei dati personali) is an independent authority. It’s connected with the processing of personal data and ensures respect for individuals’ dignity. In 1997 the DPA was set up. Then the former Data Protection Act came into force.
They committed to ensuring that, in all public and private sectors, data is processed as required by the law. The rights of individuals are respected whenever their personal data is processed.
Data Processors
A lot of company’s unknown “partners” that involved charged with processing the data in the form of promotions. They were telemarketing companies that were whole and solely responsible for the data collected by the company as well as looking after the in-house data. They also made promotional calls on TIM’s behalf.
Moreover, The company shall be completely responsible for managing as well as distributing its data to its partners across the globe. It shall show the opt-out option as it records and also shall reflect in the database of partners. It’s one of the basic necessities to safeguard the data.
The Violation OF TIM case
The poor mismanagement of the company and its partner was observed. It has developed a blacklist where in there is a list of customers who don’t wish to give their personal information for marketing purposes. So to solve this problem they used 2 lists wherein they damped the customers who don’t want to share their data for marketing purposes. The other one was a blacklist where the customers were denied to participation at the time of telemarketing calls.
The company has developed an agreement where under the TIM’s agreement they have the right to safeguard the data and all information of the secondary customers. Based on the notion of consent, The company violated the GDPR violations for not going through the proper guideline of having the data breach. They had also gone through the improper means to for gaining consent to use the promotional data.
TIM’s statement on the case
It tried to exhibit the Data Subject rights. They did the necessary changes. The company policies and individual cases are justified by the company. However, the issues found refuted their claims. The company did very little to address the GDPR fine.
