Scanshare s.r.l. – €60,000 Fine (Italy, 2020)

€60,000Garante per la protezione dei dati personali30 September 2020Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Scanshare was fined €60,000 for accidentally exposing personal data of public competition participants online. A configuration error made candidate documents accessible, violating data security rules. This case stresses the need for companies to ensure their systems are securely configured to protect personal data.

What happened

Scanshare accidentally exposed personal data of competition participants online due to a configuration error.

Who was affected

Participants in a public competition whose personal data was made accessible online.

What the authority found

The Italian data protection authority fined Scanshare €60,000 for failing to protect personal data due to a configuration error, violating GDPR's security requirements.

Why this matters

This fine highlights the critical importance of proper system configuration to prevent data breaches. Companies must ensure their IT systems are secure to avoid similar penalties and protect user data.

GDPR Articles Cited

Art. 6(GDPR)
Art. 9(GDPR)
Art. 32(GDPR)
Art. 5(1)(a) GDPR
Italy enforcementGarante per la protezione dei dati personali actionsAll Scanshare s.r.l. actions
Full Legal Summary
Detailed

According to the data protection authority, personal information about participants in a public competition had been unlawfully disclosed online. The reason for this was that, due to a configuration error, a list of the codes assigned to the candidates was temporarily accessible on the platform, which allowed access to the documents submitted by the candidates with their personal data. This was a violation of the principle of protection of information security for which Scanshare - which was the processor of the data on behalf of the controller 'Azienda Ospedaliera di Rilievo Nazionale 'Antonio Cardarelli'' (a private hospital) - had been fined with EUR 60.000. [Also see the main fine on the hospital!]

Related Enforcement Actions (0)

No other enforcement actions found for Scanshare s.r.l. in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

30 September 2020

Authority

Garante per la protezione dei dati personali

Fine Amount

€60,000

Enforcement Tracker ID

ETid-407

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Scanshare s.r.l. - Italy (2020). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: