Data Protection

Direct marketing and privacy consent, opt-in messages allowed in Italy?

The Court of Rome overturned a consolidated position of the Italian data protection authority

It is possible to send opt-in messages to request privacy consent to direct marketing communications in Italy according to the Court of Rome.

The Court of Rome ruled on the appeal filed by a well-known telephone company against order No. 437 of 2016 issued by the Italian data protection authority, reversing it in favor of the appellant.

The position of the Garante on opt-in messages to request consent to direct marketing in Italy

The subject of the dispute is the manner in which the company had conducted, between 2015 and 2016, a number of campaigns involving the delivery of text messages requesting consent to receive advertising or promotional material, both to customers already present in the company’s customer base and to potential customers.

According to the Garante, by sending such text messages without a prior data protection consent, the company had acted in breach of the provisions of the Italian Privacy Code, as formulated prior to the GDPR (but still applicable to the point in question) and therefore issued a fine against the Company, prohibiting also the further processing of customers’ data.

The view of the Court of Rome on the matter on opt-in messages

The Court of Rome held that the provision of the Italian Privacy Code requiring consent “for the delivery of advertising or direct marketing communications or for carrying out market research or commercial communication” is not relevant in the case in point, arguing that the provision prohibits advertising or promotional activities in the absence of consent, but does not also prohibit the delivery of messages aimed precisely at obtaining such a consent, to be expressed subsequently in a conscious manner by the recipient and aimed at the future delivery by the company of direct marketing communications.

As consequence, the party’s activities cannot already be considered as the processing of personal data for direct marketing purposes, since in the case in question there is no promotional activity for a commercial product or advertising activity in the proper sense. On the contrary, in requesting consent (which will eventually be forwarded with a future and separate message), the company’s intention must be to comply with the provisions of the Italian Privacy Code.

The court thus canceled the decision of the decision of the Italian data protection authority, accepting the appeal of the telephone operator.

My view on opt-in messages

Giulio CoraggioI believe that the decision of the Court of Rome will lead to major discussions. A number of operators sent an opt-in message during the days around the effective date of the GDPR to collect direct marketing consents from contacts for which they were not able to prove the prior collection of valid consent. This decision might further legitimate such a practice. But the whole point is under which circumstances and how personal data have been obtained and whether they have been legally processed.

The Garante recently issued major fines for direct marketing practices performed without privacy consent in Italy. Therefore, before a deep assessment will be necessary before sending opt-in messages.

On the same topic, you may find interesting the article “Top 5 practices on direct marketing under the GDPR“.

Don't miss our weekly insights

Show More

Giulio Coraggio

I am the head of the Italian Technology sector and the global head of the IoT and Gaming and Gambling groups at the world-leading law firm DLA Piper. IoT and artificial intelligence influencer and FinTech and blockchain expert, finding solutions to what's next for our clients' success.

Related Articles

Back to top button