Verisure Italia multada em €400 mil por marketing direto sem consentimento válido

Fonte: EDPB — European Data Protection Board  |  Jurisdição: União Europeia  |  Tipo: Notícia

Background information Date of final decision: 27 November 2025 National case Controller: Verisure Italia srl Legal Reference(s): Article 5 (Principles relating to processing of personal data), Article 7 (Conditions for consent), Article 12 (Transparent information, communication and modalities for the exercise of the rights of the data subject), Article 13 (Information to be provided where personal data are collected from the data subject), Article 21 (Right to object) Decision: Administrative fine, Compliance order, Erasure order Key words: Administrative fine, Principles relating to processing of personal data, Consent, Transparency, Right to object, Data retention, Direct marketing, Exercise of data subject rights Summary of the Decision Origin of the case The Italian Supervisory Authority (SA), received a complaint from a former customer who had continued to receive unsolicited promotional text messages even after objecting to the processing of his data, and a report from a potential customer who, after requesting a quotation, had started receiving advertising calls, emails, and text messages. In both cases, the communications had persisted despite the exercise of the right to object provided for by the GDPR. Key Findings The company handled object requests late, beyond the deadlines set out in the GDPR, and did not correctly collect – via the form on its website – the consent of potential customers for direct marketing purposes. In fact, in addition to not providing adequate information, this consent was effectively combined with the potential customer’s request for a price quote. In other words, the fact of providing one’s telephone number to obtain a personalized quotation was considered by the company as equivalent to consent to receive advertising calls. Furthermore, the SA considered the period for storing potential customers’ data for telesales purposes (12 months) to be excessive, as this was the period within which the company believed it could contact the potential customer again if they did not accept the quote offered. Decision In addition to the imposition of a 400 000 EUR fine, the Italian SA prohibited Verisure Italia from further processing the personal data acquired unlawfully, ordered the deletion of data collected without valid consent, and required the company to bring its privacy policy into compliance with GDPR. The company must also notify the SA, within sixty days, of all measures taken to comply with the EU regulations on the lawful processing of personal data. The Italian SA has taken note of the measures already undertaken by the company during the investigation. For further information: Marketing indesiderato: Garante sanziona Verisure Italia per 400mila euro

A Autoridade Supervisora Italiana aplicou multa administrativa de €400.000 à Verisure Italia por processamento ilícito de dados pessoais para fins de marketing direto, conforme decisão final de 27 de novembro de 2025, publicada pelo EDPB. A empresa violou múltiplos artigos do GDPR: (i) não obteve consentimento válido para marketing direto, combinando indevidamente a solicitação de orçamento com consentimento implícito; (ii) não forneceu informações adequadas aos titulares; (iii) processou tardiamente pedidos de exercício do direito de objeção, mantendo envio de mensagens promocionais não solicitadas mesmo após objeção; (iv) reteve dados de potenciais clientes por período excessivo (12 meses) para fins de televendas. A decisão impôs: multa de €400.000, ordem de conformidade, ordem de exclusão de dados coletados sem consentimento válido, atualização da política de privacidade, e notificação à autoridade supervisora em 60 dias sobre medidas de conformidade. Decisão com força normativa que reafirma jurisprudência europeia sobre consentimento válido em marketing direto, transparência na coleta de dados e prazos para resposta a direitos dos titulares. Estabelece precedente relevante para empresas operando na UE quanto à impossibilidade de vincular consentimento a transações comerciais e à necessidade de retenção de dados proporcional.

Impacto estimado: Alto  |  Temas: consentimento, direitos do titular, marketing direto, transparência

Fonte original: EDPB — European Data Protection Board

Compartilhar sinal ApolloRisk

Compartilhe este sinal com sua equipe ou rede profissional.

LinkedIn
WhatsApp
Facebook
Reddit
Instagram: copie o link desta página e cole nos Stories.

Posts Similares