Servizio Idrico Integrato S.c.p.a. – €15,000 Fine (Italy, 2022)

€15,000Garante per la protezione dei dati personali6 October 2022Italy
final
ePrivacy
Fine

Italy's data protection authority fined Servizio Idrico Integrato S.c.p.a. EUR 15,000 for not securing personal data on its website. The company failed to use an SSL form, which is important for protecting users' information. This case highlights the need for businesses to implement proper security measures to keep customer data safe.

What happened

Servizio Idrico Integrato S.c.p.a. processed personal data on its website without using an SSL form for security.

Who was affected

Website visitors whose personal data was processed by Servizio Idrico Integrato's website.

What the authority found

The authority found that the company did not implement appropriate security measures, violating GDPR's requirements for data protection.

Why this matters

This ruling emphasizes that companies must prioritize data security to avoid penalties. Other businesses should ensure they have the necessary protections in place to safeguard user information.

GDPR Articles Cited

AI-verified

Art. 32(GDPR)
Art. 5(1)(f) GDPR
Art. 25(1) GDPR
Art. 58(2)(i) GDPR
Art. 83(3) GDPR
View original scraped data
Art. 5(1)(f) GDPR
Art. 25(1) GDPR
Art. 32(GDPR)
Art. 58(2)(i) GDPR
Art. 83(3) GDPR

Original data from scraper before AI verification against source document.

Source verified 13 March 2026
scope corrected
Italy enforcementGarante per la protezione dei dati personali actionsAll Servizio Idrico Integrato S.c.p.a. actions
Full Legal Summary
Detailed

The Italian DPA has fined Servizio Idrico Integrato S.c.p.a. EUR 15,000. The controller had operated a website where personal data was being processed without using an SSL form. The DPA found that the use of an SSL form would have been necessary for the security of the data. It therefore concluded that the controller had failed to implement appropriate technical and organizational measures to protect personal data.

Violations (1)

Cookies Placed Before Consent
critical

Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.

Art. 6(1) GDPR

Related Enforcement Actions (0)

No other enforcement actions found for Servizio Idrico Integrato S.c.p.a. in IT

This is the only recorded action for this entity in this jurisdiction.

Similar Cases

Enforcement actions with similar violations

Minister for Legal Protection

2022 · DPA RbOverijssel

Data Subject versus Telecommunications Company

2025 · DPA OLGKoblenz

Legal Person

2023 · Úřad pro ochranu osobních údajů

€4K

CNIL

2019 · Court of Justice of the European Union

Details

Fine Date

6 October 2022

Authority

Garante per la protezione dei dati personali

Fine Amount

€15,000

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Servizio Idrico Integrato S.c.p.a. - Italy (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: