Italian Data protection Authority, Garante privacy, ordered a company that did not acquire granular consent for marketing from members of its loyalty programs to:
(i) stop processing personal data for marketing purposes if granular consent for the marketing/mailing was not acquired;
(ii) not start processing personal data for marketing purposes in future without obtaining such granular consent;
(iii) implement adequate organizational and technical measures to guarantee the correct management of the rights of individuals, and in particular the right to object to marketing; and
(iv) communicate, within sixty days from the date of receipt of this decision, appropriate documentation demonstrating implementation of the Garante’s requirements.
Failure to comply with the Garante’s requirements may be punished by imprisonment of three months to two years;
Garante rejected as not granular, and mixing promotional and contractual purposes the phrase: “communication to third parties for the purposes of verifying the degree of customer satisfaction and the management of the prizes ”