Comune di Palermo – €40,000 Fine (Italy, 2021)

€40,000Garante per la protezione dei dati personali15 April 2021Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The city of Palermo was fined €40,000 for not protecting personal data in a food subsidy application, which was accessed by an unauthorized person. This breach happened because the city didn't have proper security measures in place. The case highlights the importance of safeguarding personal data with strong security practices.

What happened

Palermo's municipality failed to secure personal data from a food subsidy application, allowing unauthorized access.

Who was affected

Individuals who applied for food subsidies and had their personal data accessed without permission.

What the authority found

The Italian data protection authority found that Palermo violated GDPR by not implementing adequate security measures to protect personal data.

Why this matters

This case emphasizes the need for local governments and organizations to implement strong security measures to protect personal data. It serves as a warning that inadequate data protection can lead to significant fines and privacy breaches.

GDPR Articles Cited

Art. 25 GDPR
Art. 32 GDPR
Art. 5(1)(f) GDPR
Italy enforcementGarante per la protezione dei dati personali actionsAll Comune di Palermo actions
Full Legal Summary
Detailed

The Italian DPA (Garante) has imposed a fine of EUR 40,000 on the municipality of Palermo. A data subject had filed a complaint with the Italian DPA against the municipality of Palermo. His complaint was based on the fact that his personal data from a food subsidy application he had submitted had been acquired by an unauthorized person and processed for his own purposes. As the DPA determined in the course of its investigations, such processing had occurred because the municipality had not implemented adequate technical and organizational measures to ensure the security and confidentiality of the processing.

Related Enforcement Actions (0)

No other enforcement actions found for Comune di Palermo in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

15 April 2021

Authority

Garante per la protezione dei dati personali

Fine Amount

€40,000

Enforcement Tracker ID

ETid-686

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Comune di Palermo - Italy (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: