Italian post officeduring 2024, found itself at the center of a procedure of theAntitrustended with one penalty of 4 million euros for one commercial practice deemed incorrect in the management of smartphone apps BancoPosta and Postepay on Android devices. According to AGCM (Competition and Market Guarantor Authority), the company would have imposed the obligation to grant access to various personal data on their smartphone to Android users in order to continue using applications. In other words, if this authorization was not accepted, the apps in question could not be used. This mechanism, adopted exclusively on Android and not on iOS, has been justified by posts as a safety measure against possible fraud. The antitrust, however, defined the conduct “aggressive», I read the freedom of choice of users, and contrary to”Articles 20, 24 and 25 of the Consumer Code».
Despite the modification of the behavior by Poste (which took place in February 2025) and the absence of direct economic purposes, the AGCM considered the information asymmetry between the company and the consumers seriously, many of which may not have the digital skills necessary to evaluate the impact of such requests. So let’s see in more detail what happened and what the critical points highlighted by the competent authorities are.
The violation of the Italian Post Office according to the Antitrustust
The origin of the story dates back to early 2024when Poste Italiane implemented one Technical modification which made the functioning of the BancoPosta and Postepay apps subordinate to the issue of consent by the user to theaccess to certain personal data stored on your Android device. These are data as information on hardware, on the network, or other sensitive details that, in the absence of an explicit consent, would have prevented the use of the application itself. Everything was motivated, according to Poste, by oneneed for safety: protect users from digital fraud by exploiting a threat detection system (a sort of anti-Malware feed) deemed more necessary on Android, considered by the place more exposed than iOS for its nature as an “open” operating system.
AGCM considered that This choice violates the fundamental principles of the consumer code. In particular, article 24 prohibits aggressive practices that unduly limit the freedom of choice of the consumer, while article 25 prohibits any form of undue pressure to obtain a certain behavior. According to the authority, asking for consent for access to data not as an option but as a binding condition for the use of apps represented an unacceptable imposition, because it put the user in the condition of having to choose between his confidentiality and the possibility of accessing essential services offered by the post apps.
The AGCM, in the bulletin where he illustrated the incident and the relative measure taken to the detriment of post office, also spoke of “information asymmetry», A concept referred to by the AGCM to strengthen its arguments. In economics and consumer law, we speak of “Information asymmetry” When one of the parties involved in a transaction (in this case the user) has much less information than the other (in this case Poste Italiane), which can use them to take advantage of the situation.
Also theAGCOM (Authority for guarantees in communications), intervened by expressing a negative judgment on the postal conduct. It highlighted that the means itself through which the service is offered – i.e. apps – is able to significantly influence consumer choices. If an app presents messages that suggest that data authorization is necessary and non -negotiable, the user can be induced to give a consent that in normal conditions he could have denied, only in order not to lose access to fundamental features.
Because Poste was fined of 4 million even if it changed incorrect behavior
It is true that placed, during the year, has revised its position: From 18 February 2025 his apps are no longer blocked If the user refuses to grant them access to the data on their Android smartphone, and the possibility of revoking the consent already granted is given. However, for the antitrust This late correction was not enough to cancel the scope of the violationwhich was evaluated on the basis of the months in which the practice was active and its implications on consumer rights.
