T.S.M. Srl. – €40,000 Fine (Italy, 2022)
T.S.M. Srl., a cleaning tool company in Italy, was fined €40,000 for not responding properly to a user's requests about their personal data. The company deleted the data but failed to address the user's other rights, like access and objection. This case shows that companies must fully engage with user requests regarding their personal information.
What happened
T.S.M. Srl. was fined for not adequately responding to a user's requests about their personal data rights.
Who was affected
A user who requested information and action regarding their personal data from T.S.M. Srl.
What the authority found
The Italian DPA found that T.S.M. did not fulfill its obligations to respond to the user's requests about their data rights.
Why this matters
This case highlights the necessity for companies to properly address all user requests about personal data. Businesses should ensure they have clear processes in place to handle such inquiries.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
The data subject was contacted by cleaning tool company T.S.M. Srl. (the controller) to take part in a professional course, and received various forms to be filled in. The company was not able to answer the data subject properly regarding its involvement in the processing of the data required in the forms. The data subject decided to address the company with requests to exercise their rights to access, to object and to erasure of personal data. T.S.M. replied confirming the deletion of personal data, but did not provide a proper response regarding the right of access and the right to object. Based on the company's lack of response to these requests, the data subject filed a complaint with the Italian DPA (Garante). The Garante noted T.S.M.'s lack of participation in the proceedings, and neither asked to be heard, nor answered requests made in this sense by the Garante. The Garante held that this lack of cooperation was in breach of Articles 157 and 166 of the [https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/9740796 Italian Code of Privacy]. Nevertheless, the Garante found that the documentation attached to the complaint was sufficient to prove the controller's responsibility in this case. According to the Garante, the mere deletion of the personal data pursuant to Article 17 GDPR did not exhaust the controller's duties regarding the data subject's requests. The Garante held that T.S.M. should have provided the data subject with information related to the origin of the personal data, the processing activities carried out, and any other recipients of the data, pursuant to Articles 13 and Article 15 GDPR. Additionally, the Garante highlighted that T.S.M. should have confirmed the receipt of the request to object to further processing, and granted the data subject's right under Article 21 GDPR. Based on these considerations, the Garante issued a fine of €40,000 on T.S.M. for the violation of Articles 13 and Article 15 and 21 GDPR, as
Related Enforcement Actions (0)
No other enforcement actions found for T.S.M. Srl. in IT
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
27 January 2022
Authority
Garante per la protezione dei dati personali
Fine Amount
€40,000
GDPRhub ID
gdprhub-4674About this data
Cite as: Cookie Fines. T.S.M. Srl. - Italy (2022). Retrieved from cookiefines.eu
Last updated: