Ministero dello sviluppo economico (Ministry of Economic Development) – €75,000 Fine (Italy, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Ministry of Economic Development was fined EUR 75,000 for failing to appoint a data protection officer and for exposing personal data of over 5,000 managers on its website. This case is important because it emphasizes the need for organizations to appoint a data protection officer and protect personal information.
What happened
The Ministry of Economic Development did not appoint a data protection officer and published personal data of over 5,000 managers online.
Who was affected
More than 5,000 managers whose personal information was made publicly available were affected.
What the authority found
The Italian DPA found that the Ministry violated GDPR by not appointing a data protection officer and unlawfully processing personal data.
Why this matters
This case highlights the need for businesses to comply with data protection regulations, including appointing a data protection officer. Organizations should ensure they have proper safeguards for handling personal data.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
Following some reports, the Italian DPA ascertained that the MISE uploaded on its website a list of more than 5,000 managers containing their personal data, including name, tax code, e-mail address, CV, mobile phone and, in some cases, ID and health card. All this data was freely visible and downloadable. The MISE published that list to help SMEs in booking advice from experienced business professionals on the technological and digital processes to manage vouchers provided in compliance with the 2019 Budget Law. The DPA has also found that the MISE did not appoint a DPO by May 25, 2018, as required for all public bodies according to art. 37 GDPR. The Italian DPA noted that MISE failed to appoint a DPO by the established deadline (May 25, 2018). Furthermore, it has found that there was no adequate legal basis for the online publication of managers' personal data, as there were less intrusive methods to ensure that SMEs would have access to the managers' consultancy services, such as ensuring restricted access to said information through the use of passwords and usernames. As such, the Authority found that the dissemination of their personal information also consisted of disproportionate processing of data. In light of the above and given that the MISE has appointed a DPO then, the Italian DPA issued a fine of €75,000.
Violations (1)
Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.
Art. 6(1) GDPR
Related Enforcement Actions (0)
No other enforcement actions found for Ministero dello sviluppo economico (Ministry of Economic Development) in IT
This is the only recorded action for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
Fine Date
11 February 2021
Authority
Garante per la protezione dei dati personali
Fine Amount
€75,000
GDPRhub ID
gdprhub-3265About this data
Cite as: Cookie Fines. Ministero dello sviluppo economico (Ministry of Economic Development) - Italy (2021). Retrieved from cookiefines.eu
Last updated: