Privacy Guarantor: 17 million fine to WindTre, also sanctioned by Iliad

Who I am
Judit Llordés
Author and references

The Guarantor for the protection of personal data continues its control activities towards telephone operators. This time it was WindTre and Iliad that were hit. The former received a fine of approximately 17 million euros “for numerous illicit data processing, mainly linked to promotional activities”; while the second was fined 800 thousand euros for "violations of the rules on the protection of personal data".

In the WindTre case, users complained the receipt of unwanted promotional contacts, made without any consent, in addition to the lack of possibility of being able to exercise the right to withdraw consent or to object to the processing of their data for marketing purposes. In some cases, the issue of the publication of personal data in public telephone directories has been brought before the Guarantor despite the opposition of customers.

Photo credit -

In the course of the investigation, the Guarantor found that the MyWind and My3 apps required the user to provide their consent to the processing of personal data for various purposes, including marketing and profiling. Furthermore, the investigations also revealed illegal activities on the part of WindTre's commercial partners with improper activation of contracts and illegal data collection.

However, the company has already implemented some corrective measures - as specified in the order document - which, however, were not considered adequate by the Guarantor. For this reason, in addition to the fine of 16.729600 euros, Wind was prohibited from processing the data acquired without consent and ordered the adoption of "technical and organizational measures for effective control of the partners' supply chain, as well as procedures to respect the wishes of users. not to be disturbed ".

As for Iliad, the telephone operator "was found to be deficient in other respects, in particular with regard to the methods of accessing its employees to traffic data", reads the press release. Among the contested behaviors, one point in particular refers to SIM activation mode through the Simboxes. The Guarantor believes that the installations do not take all the necessary measures to guarantee the privacy of personal data as the recognition camera also frames the subjects who pass behind the user who is about to sign the contract who - in turn - must type and speak your personal data.


Furthermore, regarding access and storage of telephone and telematic traffic data, it was found that the “administrator of the customer care department” profile could view the users' telephone traffic data in clear text by accessing the system by typing in userid and password. Non-compliant behavior as the administrator should only have access to billing data stored for a period not exceeding 6 months. All the details are available.

In the meantime, Iliad is considering making an appeal against the decision of the Privacy Guarantor, underlining that the company has always operated with the utmost respect for the privacy of users and that no violation has been ascertained.

Samsung Galaxy S20 + 5G, with 12GB of RAM is available on Amazon. You can find it at this address.

add a comment of Privacy Guarantor: 17 million fine to WindTre, also sanctioned by Iliad
Comment sent successfully! We will review it in the next few hours.