Home » Blog » Data Privacy » Sky Italia Fined EUR 842,062 for Unlawful Telemarketing Practices
Data Privacy, GDPR

Sky Italia Fined EUR 842,062 for Unlawful Telemarketing Practices

Table of Contents

The Italian Data Protection Authority (DPA) has issued a substantial fine of EUR 842,062 to Sky Italia for violations of GDPR, specifically related to unlawful telemarketing practices.

Key Findings:

  1. Unsolicited Contact: Sky Italia contacted individuals without proper consent, including those on advertising opt-out lists and individuals who had provided consent before the GDPR came into effect, without reassessing the validity of this consent under the updated legal framework.
  2. Inadequate Documentation: Sky’s process for storing consent details was deemed inadequate. They stored consent information in Excel files which can be easily modified. This is complete failure to ensure that clear, verifiable, and non-modifiable proof of consent was maintained.

This ruling highlights the critical importance of obtaining and documenting consent in a way that complies with the GDPR’s strict requirements. For businesses engaging in direct marketing or similar activities, this case serves as a reminder to always:

  • Ensure valid and up-to-date consent for each marketing contact.
  • Keep thorough records that cannot be altered, and
  • Regularly reassess previously obtained consent in light of the evolving legal framework.

While this ruling pertains to the EU, businesses globally—including India—should take heed. India’s Digital Personal Data Protection (DPDP) act, which is expected to get enforced in few months will bring similar compliances on all types of organizations. It is important for MSME to focus on the followings

  • Consent and Documentation: Just as seen in the Sky Italia case, ensuring clear, unambiguous, and verifiable consent will become crucial. MSMEs must invest in secure and reliable systems to capture and store consent.
  • Data Handling and Security: With penalties for non-compliance becoming more common, MSMEs must ensure they have processes in place to handle personal data securely, including for marketing purposes.
  • Re-evaluating Old Consent: Businesses that have collected data prior to the enactment of the DPDP must re-initiate the consent process again.

As the regulatory landscape continues to tighten in both India and globally, businesses, particularly MSMEs, must prioritize compliance to avoid hefty fines and reputational damage.

About The Author