Comune di Orte (data controller) – €20,000 Fine (Italy, 2022)
Comune di Orte was fined €20,000 for using surveillance cameras without informing citizens. The municipality failed to follow legal procedures for operating the cameras, which were meant to catch illegal dumping. This case highlights the need for transparency in surveillance practices.
What happened
Comune di Orte installed surveillance cameras without proper legal procedures or informing the public.
Who was affected
Citizens of Orte who were recorded by the surveillance cameras.
What the authority found
The Italian Data Protection Authority found that the municipality violated multiple GDPR articles by not informing citizens about the surveillance.
Why this matters
This ruling emphasizes the importance of transparency and legal compliance in surveillance practices. Businesses and public entities must ensure they inform individuals about data collection to avoid penalties.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
Entities Involved
A citizen of Orte filed a complaint against their municipality. The municipality of Orte is the controller and the citizen is the data subject. The controller installed photo-traps to prevent and punish illegal garbage disposal. The data subject submitted a request to the municipality under law 241/1990 for access to the surveillance system's administrative documents. The controller only gave him the supplier's (the urban cleaning company) technical offer. The data subject then filed a complaint with the DPA alleging that that (1) the municipality neglected to publish any information in the Municipal Notice Board (Albo Pretorio) and (2) he had been recorded several times. The controller claimed that the photo-traps were installed as part of an adjudication procedure for the urban cleaning service. The controller admitted that it adopted none of the administrative acts required by Italian law in order to lawfully operate the photo-traps. A municipal regulation on camera surveillance had been drafted, but not approved, according to the controller. Furthermore, the controller admitted it had not informed the citizens of the surveillance system's installation. Moreover, no agreement relating to the processing of the data collected by the cameras was concluded with the supplier. The controller later stated (past the deadline) that it only operated the photo-traps for a short time in order to verify their functionality. Some cameras were also installed for deterrence purposes. These cameras were not activated and did not collect data at that time. The controller eventually removed all of the cameras. The municipality claimed that they never processed any personal data aside from those collected in the testing phase, and that they never sanctioned any citizen based on the data collected through the surveillance system. During the preliminary investigation, the DPA also found that the contact information for the municipality’s DPO were the same as the contact information fo
Violations (1)
Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.
Art. 6(1) GDPR
Related Enforcement Actions (0)
No other enforcement actions found for Comune di Orte (data controller) in IT
This is the only recorded action for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
Fine Date
7 April 2022
Authority
Garante per la protezione dei dati personali
Fine Amount
€20,000
GDPRhub ID
gdprhub-5010About this data
Cite as: Cookie Fines. Comune di Orte (data controller) - Italy (2022). Retrieved from cookiefines.eu
Last updated: