Sapienza Università di Roma – €30,000 Fine (Italy, 2020)

€30,000Garante per la protezione dei dati personali23 January 2020Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Sapienza Università di Roma was fined €30,000 for not protecting whistleblowers' identities. The university failed to limit access to sensitive information, allowing unauthorized people to see it. This case highlights the importance of strong data security measures to protect individuals who report wrongdoing.

What happened

Sapienza Università di Roma exposed the identities of two whistleblowers due to inadequate access controls.

Who was affected

Two individuals who reported possible illegal behavior to the university had their identities exposed.

What the authority found

The authority found that the university failed to implement adequate security measures, violating GDPR's requirements for data protection.

Why this matters

This fine emphasizes the need for institutions to secure sensitive information, especially in whistleblowing cases. Universities and similar organizations should ensure only authorized personnel can access such data.

GDPR Articles Cited

Art. 32 GDPR
Art. 5(1)(f) GDPR
Italy enforcementGarante per la protezione dei dati personali actionsAll Sapienza Università di Roma actions
Full Legal Summary
Detailed

The fine is based on the fact that, according to the data protection authority, the Sapienza Università made available online identification data of two people who had reported possible illegal behaviour to the university. This was due to the lack of adequate technical access control measures within the whisleblowing management system, which had not limited access to such data to authorized personnel only.

Related Enforcement Actions (0)

No other enforcement actions found for Sapienza Università di Roma in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

23 January 2020

Authority

Garante per la protezione dei dati personali

Fine Amount

€30,000

Enforcement Tracker ID

ETid-213

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Sapienza Università di Roma - Italy (2020). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: