Share This Article
The Italian Privacy Authority has approved the Code of Conduct for Telemarketing, which imposes significant responsibilities on contact list management and call center monitoring.
On March 24, 2023, the Italian Privacy Authority approved the “Code of Conduct for Telemarketing and Teleselling Activities.” This code aims to contribute to the proper application of telemarketing regulations and promote consumer protection principles and measures among call centers and other operators in the sector.
Promoted by various associations in the supply chain (principals, call centers, telemarketers, list providers, and consumer associations), the Code of Conduct on Telemarketing was submitted to the Italian Data Protection Authority on November 10, 2022, in accordance with Article 40 of the GDPR. The GDPR itself encourages the development of these tools to facilitate its application while respecting the specificities and characteristics of relevant sectors.
The Code of Conduct on Telemarketing incorporates principles and protections that the Italian Data Protection Authority has reiterated several times at the regulatory and decision-making level. Given its particular social sensitivity, the matter has been the subject of multiple legislative interventions in recent years, most recently with the implementing regulation of the new so-called Public Registry of Oppositions (RPO), and of intense law enforcement activity by the Italian Data Protection Authority, through corrective measures and sanctions that are among the highest in Europe.
The provisions of the Code of Conduct apply to operators who carry out activities promoting and/or offering goods and services via telephone to subjects in Italian territory and who voluntarily adhere to it. Adherence to the Code takes place through an application to the Monitoring Body.
However, the Code of Conduct does not regulate (i) telephone calls made to check customer satisfaction or for surveys/market research without a commercial purpose; and (ii) all contact methods developed through channels other than telephone (e.g., App, digital advertising, SMS).
The Code of Conduct clarifies the privacy qualifications of different entities involved in telemarketing operations, such as data controllers, list providers, and data processors, after a general reminder of the founding principles of the GDPR. The code also specifies several obligations aimed at preventing unlawful behavior and ensuring end-to-end control of promotional campaigns for entities in the supply chain.
Furthermore, the Code of Conduct introduces stringent measures to control the operators that make up the supply chain, devolving to the developer the need to include in contracts or DPAs signed with its suppliers, mechanisms that allow “full, timely, and constant control” of the chain of actors involved (e.g., audit and inspection mechanisms, including through “owl numbers”).
Particular procedures are recalled in the context of teleselling to allow traceability of the operations carried out with respect to the finalization of the contract with the end user. The Code introduces a strict provision according to which contracts for which the first contact is found to be flawed may continue to be executed, provided that the principal informs the interested party of the flawed origin of the contract and that the interested party confirms their willingness to maintain it.
It is evident that the contents of the Italian Code of Conduct on Telemarketing introduce burdensome obligations on principals, which could be difficult for small to medium-sized companies to handle, potentially leading to discrimination against them. It remains to be seen whether the Italian Data Protection Authority will make the requirements of the Code the rule to be followed for any company carrying out telemarketing activities.
For a similar topic, the following article may be of interest: “New Public Register of Oppositions for opt-out to telemarketing kicks off in Italy“.