Ministero dell’Istruzione, Ufficio Scolastico Regionale per il Lazio – €4,000 Fine (Italy, 2021)

€4,000Garante per la protezione dei dati personali25 February 2021Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Lazio Region School Authority was fined EUR 4,000 for sharing a student's health information without a legal reason. They sent the data to clarify a parent's complaint about support hours for disabled students. This case shows the importance of having a valid reason before sharing sensitive information.

What happened

The Lazio Region School Authority shared a student's health data with another office without a legal basis.

Who was affected

A student with disabilities whose health information was improperly shared.

What the authority found

The Italian DPA determined that the school authority shared the student's data without a valid legal basis, violating GDPR rules.

Why this matters

This case highlights the need for educational institutions to ensure they have a legal basis before sharing personal data, especially sensitive information. It serves as a warning to review data-sharing practices to comply with privacy laws.

GDPR Articles Cited

Art. 6(GDPR)
Art. 9(GDPR)
Art. 5(1)(a) GDPR
Italy enforcementGarante per la protezione dei dati personali actionsAll Ministero dell’Istruzione, Ufficio Scolastico Regionale per il Lazio actions
Full Legal Summary
Detailed

The Italian DPA (Garante) has imposed a fine of EUR 4,000 on the Lazio Region School Authority. A parent had filed a complaint against the school authority for forwarding data of his disabled son to the Office of Public Administration. The data forwarded included, among other things, information about the child's health condition. The parent had previously complained of irregularities in the allocation of support hours for students with disabilities at the school I.C.G. Pitocco of Castelnuovo di Porto. The school authority had then transmitted the data in order to clarify the allegation. The DPA, however, found that the transfer had taken place without a legal basis.

Related Enforcement Actions (0)

No other enforcement actions found for Ministero dell’Istruzione, Ufficio Scolastico Regionale per il Lazio in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

25 February 2021

Authority

Garante per la protezione dei dati personali

Fine Amount

€4,000

Enforcement Tracker ID

ETid-619

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Ministero dell’Istruzione, Ufficio Scolastico Regionale per il Lazio - Italy (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: