Fine imposed by Italian data protection authority
Recently, the Italian data protection authority (Garante per la protezione dei dati personali) issued a restraining order and imposed a fine of EUR 5,000.00 on an Italian enterprise.
The facts at a glance
An Italian realtor extracted information about property owners from the public Italian land register (the section known in Italy as the property register) and, via LinkedIn, offered targeted real estate services to a LinkedIn user who was the owner of a property. When this happened, the user's LinkedIn profile was configured in such a way that it was accessible to every other user of the platform without any restrictions.
The ruling
The Italian authority ruled that both the use of the public property register and the advertisements sent to the LinkedIn user were incompatible with the respective purpose of the register and the social media network.
The social media network
Signing up for a social media network includes an obligation to comply with its terms of use. Individual users also base their expectations on these terms of use. The purpose of LinkedIn is to connect people who share the same professional interests in order to promote the exchange of know-how or job opportunities. Therefore, users do not have to reckon with other users employing the platform to sell products and services through unsolicited messages, even if this obviously ties in with their professional activities.
The property register
The purpose of the property register is to verify ownership of a property, but not to allow the subsequent use of data for the promotion of services, and in particular, it is not to extend an offer to buy to people who did not even express the desire to sell their property.
A comment
As far as we know, there is no comparable ruling on direct advertising via social media networks in Austria. The requirements are governed by the Telecommunications Act. According to case law, the use of land register data is basically possible for the acquisition of real estate, but a weighing of interests is required. In any event, it is always necessary to decide on a case-by-case basis!
Practical tips: Marketing activities must be GDPR-compliant and must not conflict with the Telecommunications Act! Before marketing steps are taken, there must always be an extensive permissibility check. Likewise, there is a need to review in advance whether the use of personal data from public registers is compatible with the purpose of such registered and whether a weighing of interests is needed. |
Needless to say, our Data Protection Team is standing ready to advise you!
Links: