Heaviest fine ever (over 79 million euro) imposed by the Italian Data Protection Authority

By Order No. 81 of 8 February 2024, the Italian Data Protection Authority sanctioned Enel Energia for more than EUR 79 million due to its failure to comply with its obligations to duly process the data of many users for telemarketing purposes.

The case originates from previous investigations carried out by the Italian Financial Police (Guardia di Finanza) following which the Italian Data Protection Authority had already imposed a fine of EUR 1.8 million on four companies. also confiscating some databases used for illegal activities.

In the course of the investigations, it came out that Enel Energia had serious security shortcomings in the information systems used for customer management, given that not all the necessary measures had been put in place to prevent illegal activities of abusive intermediaries who were able to easily access the company’s portals, and to fuel a flourishing illegal business of nuisance calls to Enel customers, aimed at signing contracts with third companies.

This investigation showed that, over the course of time, 9300 contracts were activated, resulting in a fine of EUR 79,107,101 for Enel Energia, the highest applied by the Italian Authority to date.