A fine of over €16.7 million was imposed on Wind Tre, another mobile telecoms operator, by the Italian Garante (Data Protection Authority). Violations included using personal data without the consent of the data subject, and creating confusing and onerous interfaces for users to give consent – including having many email addresses, some of which did not exist, and some of which may have been provided only to certain data subjects. Wind also used aggressive direct marketing techniques that violated the GDPR, and in fact was the subject of hundreds of complaints about this. Further, Wind Tre did not have proper contracts with partners, and did not do sufficient due diligence on those partners. (See the Merlini entry below for a notable example.) The DPA stated that at least some of Wind Tre’s violations were not just accidental, but the result of willful misconduct.

https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/9435753