A Privacy Authority’s fine was issued on October 23rd against the e-Campus online University.
The university had sent promotional SMS messages without the consent of the recipients, leading to a penalty of € 75.000 by the Authority.
This action was taken in response to complaints from some citizens who were receiving unwanted messages, even after opposing such communications.
After confirming the GDPR and the Privacy Code violation, the Privacy Authority also ordered the University to review the technical and organizational measures it used to validly acquire consent for data processing, especially in cases where advertising campaigns were entrusted to third parties.
Finally, the university was directed to establish appropriate data retention periods and provide specific instructions to its staff to ensure that requests for data access or deletion are promptly fulfilled.