Azienda sanitaria provinciale di Enna – €30,000 Fine (Italy, 2021)

€30,000Garante per la protezione dei dati personali14 January 2021Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Italian data protection authority fined Azienda sanitaria provinciale di Enna EUR 30,000 for improperly using employee biometric data to track attendance. The authority found this use of sensitive data was not justified and lacked a legal basis. Businesses should ensure they have a valid reason and legal basis before processing sensitive information like biometric data.

What happened

Azienda sanitaria provinciale di Enna used employee biometric data for attendance tracking without a legal basis.

Who was affected

Employees whose biometric data was processed without proper justification.

What the authority found

The authority determined the processing of biometric data was unjustified and lacked a legal basis, violating GDPR.

Why this matters

This decision highlights the strict requirements for processing biometric data, urging companies to carefully evaluate their legal grounds for using such sensitive information.

GDPR Articles Cited

Art. 6 GDPR
Art. 9 GDPR
Art. 5(1)(a) GDPR
Italy enforcementGarante per la protezione dei dati personali actionsAll Azienda sanitaria provinciale di Enna actions
Full Legal Summary
Detailed

The Italian DPA (Garante) imposed a fine of EUR 30,000 on Azienda sanitaria provinciale di Enna. The controller processed biometric data of employees for the purpose of registering their attendance. Garante found that such processing was not proportionate and therefore constituted an unjustified infringement of the rights of the data subjects. Subsequently, Garante determined that the processing of biometric data had taken place without a legal basis.

Related Enforcement Actions (0)

No other enforcement actions found for Azienda sanitaria provinciale di Enna in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

14 January 2021

Authority

Garante per la protezione dei dati personali

Fine Amount

€30,000

Enforcement Tracker ID

ETid-558

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Azienda sanitaria provinciale di Enna - Italy (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: