The Italian Privacy Authority, with the provision no. 286 of 11 October 2012, has prohibited the unlawful data processing of one million people contained in the database of a company operating in the field of the selling by mail order and direct marketing.

The decision was taken following the inspection activities conducted by the Authority under the reports of several affected parties who complained that they had been disturbed with unsolicited commercial offers.

Under the inspections, the Authority found out that the company did not provide the information to the customers of the bankrupt company, from which it bought the whole database, not communicating to be the new owner of the processing of personal data, and without having obtained the necessary free given, specific and documented consent, released in writing by the subjects data.

The Italian Privacy Authority therefore prohibited the processing of personal data collected by the company for any use that is not directly required to performance a contractual obligation, such as the purchase of a product or service. In addition, the Authority forced the company to regularize its position in relation to the disclosure of information and the consent, and finally opened separate administrative proceedings aimed at contesting the violations committed.

Source: Garante per la protezione dei dati personali