Selectra S.p.A. – €80,000 Fine (Italy, 2024)

€80,000Garante per la protezione dei dati personali17 July 2024Italy
final
ePrivacy
Fine

Selectra S.p.A. was fined €80,000 for keeping a former employee's emails for too long and not providing enough information about data processing. The Italian data protection authority found that retaining emails for three years after employment was excessive. This case highlights the need for clear data retention policies.

What happened

Selectra S.p.A. retained a former employee's emails for three years without proper justification.

Who was affected

The former employee whose emails were accessed after leaving the company was affected.

What the authority found

The authority ruled that Selectra S.p.A. violated data protection rules by not providing sufficient information and retaining data excessively.

Why this matters

This case sets a precedent for how long companies can keep personal data. Businesses should review their data retention policies to ensure compliance and protect user privacy.

GDPR Articles Cited

AI-verified

Art. 13(GDPR)
Art. 5(1)(a) GDPR
Art. 5(1)(c) GDPR
Art. 5(1)(e) GDPR
Art. 88(GDPR)
View original scraped data
Art. 5(1)(a) GDPR
Art. 5(1)(c) GDPR
Art. 5(1)(e) GDPR
Art. 13(GDPR)
Art. 88(GDPR)

Original data from scraper before AI verification against source document.

National Law Articles

AI-identified

Article 114 of Italian Data Protection Code (Codice in materia di protezione dei dati personali)
Source verified 10 March 2026
articles corrected
national law identified
Italy enforcementGarante per la protezione dei dati personali actionsAll Selectra S.p.A. actions
Full Legal Summary
Detailed

The Italian DPA has imposed a fine of EUR 80,000 on Selectra S.p.A.. A former employee had lodged a complaint with the DPA on the grounds that the controller was able to access their e-mail inbox even after the termination of the employment relationship. The DPA found that such a long retention period for e-mails (in some cases three years after the termination of the employment relationship) was excessive. The DPA also found that the controller had not provided the data subjects with sufficient information about the data processing (e.g. regarding the retention period for e-mail data).

Violations (1)

Third-Party Cookies Without Consent
critical

Third-party tracking cookies or scripts are loaded without obtaining prior user consent.

Art. 13, 14 GDPR

Related Enforcement Actions (0)

No other enforcement actions found for Selectra S.p.A. in IT

This is the only recorded action for this entity in this jurisdiction.

Similar Cases

Enforcement actions with similar violations

unknown (claimant)

2021 · DPA OLGLinz

Legal Person

2023 · Úřad pro ochranu osobních údajů

€4K

CNIL

2019 · Court of Justice of the European Union

Details

Fine Date

17 July 2024

Authority

Garante per la protezione dei dati personali

Fine Amount

€80,000

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Selectra S.p.A. - Italy (2024). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: