Lazio Region – €100,000 Fine (Italy, 2022)

€100,000Garante per la protezione dei dati personali1 December 2022Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Lazio Region in Italy was fined for secretly monitoring employees' email accounts without proper legal grounds. The Italian data protection authority found that this invasion of privacy lasted for 180 days and included personal data. This ruling stresses the need for organizations to have a valid reason before collecting personal information.

What happened

The Lazio Region monitored the email accounts of its legal department employees on suspicion of information leaks.

Who was affected

Employees of the Lazio Region's legal department were affected by the monitoring.

What the authority found

The authority decided that the Lazio Region lacked a valid legal basis for the extensive collection of personal data.

Why this matters

This ruling highlights that organizations must respect employee privacy and have legitimate reasons for monitoring communications. It sets a precedent for how employee data should be handled.

GDPR Articles Cited

AI-verified

Art. 6(GDPR)
Art. 5(1)(a) GDPR
Art. 113 Codice della privacy GDPR
Art. 114 Codice della privacy GDPR
View original scraped data
Art. 5(1) a) GDPR
Art. 6(GDPR)
Art. 113 Codice della privacy
Art. 114 Codice della privacy

Original data from scraper before AI verification against source document.

Source verified 10 March 2026
articles corrected
national law identified
Italy enforcementGarante per la protezione dei dati personali actionsAll Lazio Region actions
Full Legal Summary
Detailed

The Italian DPA has fined Lazio Region EUR 100,000. A trade union had filed a complaint with the DPA alleging that the Region had monitored the e-mail accounts of employees of the Region's legal department. The Region had initiated such monitoring on suspicion of possible disclosure of information protected by official secrecy to third parties. The Region stored and analyzed the employees' data for 180 days. The data included not only information related to work, but also personal data of the data subjects concerning their private sphere. During its investigation, the DPA found that the Region at the time did not have a valid legal basis for such a large-scale collection of personal data.

Related Enforcement Actions (1)

Other enforcement actions involving Lazio Region in IT

Fine
Sept 2022· Garante per la protezione dei dati personali

The Italian DPA has imposed a fine of EUR 100,000 on Lazio Region. An individual had filed a complaint with the DPA because she had received an invita...

€100K
Current
Dec 2022

Fine

€100K

Details

Fine Date

1 December 2022

Authority

Garante per la protezione dei dati personali

Fine Amount

€100,000

Enforcement Tracker ID

ETid-1537

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Lazio Region - Italy (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: