Comune di Casaloldo – €2,000 Fine (Italy, 2020)

The municipal district of Casaloldo (the 'District') has organized an open competition in order to fulfill a public role. After the written exams, the District published the results and the various scores of all the applicants through its website in order to guarantee the transparency of the procedure. One of the unsuccessful applicants made a complaint to the Garante claiming that District had made inappropriate and unlawful use of his information, with the publication of his name and his score publicly available. The Garante promptly started an investigation in order to have more details from the District, which, following the mentioned complaint, immediately removed the information of all the unsuccessful candidates from the official website of the District. The Garante had to determine whether the District had correctly published information of all the candidates or it would contravene the Data Protection principles established by the Art. 5 of GDPR. The Garante did not find a proper legal basis to disclose the information of unsuccessful candidates to the public and evaluate reasonable the disclosure of only the candidates that move forward to the final step of the open competition. Furthermore, the Garante interpreted this to mean that all candidates would not have expected their personal data to be disclosed in the event of unsuccessful applications considered that disclosure remains beyond the candidates’ expectations. It is therefore possible that disclosing this information would cause them distress.